CISO: a key job within the business for system security

Project governance almost always requires a steering committee. Companies, small or large, need an optimal level of security so that the data held in their various business applications remains strictly confidential. Appointing an information systems security manager (ISSM), the role known in English as the CISO, is the most appropriate solution. This professional, who specializes in IT security and keeps up with the latest developments in cybercrime and cybersecurity, is empowered to educate and train employees so that the computer and telecommunications systems of the company’s various departments are kept secure. The CISO most often reports to the information systems department or to the company’s general management.

The role of the CISO

The information systems security manager is an expert in information security for applications and telecommunications networks. They identify and implement the means and solutions needed to prevent threats that could affect data security and/or the company’s activity (for example, malware infections and attempts by attackers to steal data). These threats are becoming more and more frequent as the data flows linked to Internet use keep growing.

The role of the IT security systems manager is to ensure the security, reliability and integrity of the company’s information system. They are responsible for defining the security policy and for ensuring that it is applied properly by everyone who has access to, or works with, the company’s confidential computerized data.

The main objectives of the CISO are to identify and secure the information system, and to inform, advise, train and alert managers and staff about the risks created by insufficiently secured data or business applications. In concrete terms, the IT security manager meticulously analyzes the various information systems present within the company. On this basis, one of their missions is to support and raise awareness among employees, managers and external stakeholders in the various sectors about the rules to be respected, the changes that are needed and the behaviour to adopt in order to guarantee the security of IT systems.

The IT security expert also makes recommendations to project development teams, with reference to OWASP. This framework is based on a set of proven best practices for analysing risks, identifying the main threats and determining the actions that can remedy them.

Stages of intervention of the CISO

In order to obtain a global picture of the different stages of work carried out by the CISO, who ensures the security of IT devices, here is an overview of the main tasks that fall within their professional competence:

• Define the system security policy: determine the objectives and needs, and develop appropriate procedures for implementing it.
• Identify and analyze risks: evaluate threats and their consequences, study the available means of protection, and draft a prevention plan.
• Follow up the implementation of the projects aimed at limiting the impact of threats on the company’s activity.
• Prevent incidents and train employees in information systems security: raise awareness among management and train them, help create a security rule book, and advise and assist the teams.
• Supervise the security tools put in place: check that the security policy as elaborated is consistent with the initial plans, and control the application of the protocol and compliance with the security rules by the company’s staff.
• Follow up the necessary evolutions: readjust the security instructions if necessary, and ensure the physical and logical security of all of the company’s information systems.
• Limit access to strategic and strictly confidential information networks.
• Keep a technology watch on topics related to cybersecurity and cybercrime.

To carry out all these steps in a cyclical manner and ensure the continuous improvement of IS security, the CISO can rely on the PDCA (Plan, Do, Check, Act) method.

The essential skills of the CISO

The job of computer security systems manager requires a number of qualities and skills that allow them to perform the job effectively. Here is an overview of the main skills sought:

• Rigor and organization are required to identify the security measures to be implemented and to ensure that the company’s employees comply with procedures.
• Pedagogy is essential to raise awareness and to provide training and advice to the various teams and departments of the company.
• Curiosity, especially about current events related to cybersecurity but also about new technologies, is essential to better understand and anticipate existing or future threats.
• Communication and listening skills allow the CISO to adapt to different interlocutors in order to convey the expected level of information, objectively and professionally, to all levels of the company.
• Good stress management is necessary in order to deal with the threats and problems encountered.

Training to become a CISO

To become a computer security systems manager, it is necessary to have graduated from an engineering school or to hold a professional master’s degree in the field of computer science and networks. A degree or certification in cybersecurity or in the ISO 2700X standards may also be required.
