Sign In
Request a Demo
Sign In
Request a Demo

What is a CISO?

A Chief Information Security Officer (CISO) is a senior-level executive within an organization responsible for establishing and maintaining the vision, strategy, policy, compliance, and program to ensure information assets and technologies are properly protected and legal requirements with regard to data and network security are met.

What does a CISO do?

A CISO works alongside company executives, managers, cybersecurity teams, and IT teams to coordinate cybersecurity strategy, policy, and response. The CISO reports to the CEO and/or the Board. An important part of a CISO’s role is reporting on the state of the organization's cybersecurity defenses, weaknesses, and strategy - mapping out all of the vulnerabilities while also being in charge of the Incident Response Plan. Having the right Board and CEO reports is critical to managing and executing this job function. The CISO also typically takes responsibility for setting and managing the cybersecurity budget.

What is the Role of a CISO?

Here's a non-exhaustive list of the different roles and responsibilities that a CISO is in charge of. The reporting structure and responsibilities may vary depending on the organization's size and maturity. 

  1. Security operations
  2. Cyber Risk and Cyber Threat Intelligence
  3. Data loss and fraud prevention
  4. Security Roadmap and  Architecture: 
  5. Identity and Access Management (IAM)
  6. Cybersecurity Program management
  7. Governance and Compliance
  8. Board Reporting

See Also: 

  1. CISO Board Report 
  2. Board Report Slide Template
  3. Reporting Cybersecurity to the Board

Return to Ecosystem Terminology Glossary

LEARN MORE ABOUT CYBERSECURITY BOARD REPORTING

Download the Board Reporting Playbook

DOWNLOAD THE PLAYBOOK