Network-assessment

If your organization is already a large corporation, your security level should already be mature enough and you will need to find a Corporate Information Security Officer. Since there is a global shortage of one million cyber security professionals, it’s likely that your organization is also shorthanded in this area and you’re looking for someone to fill in the position of a CISO.

To make sure that you’ll find the right person for the job, look for the person’s experience in these key areas:

1. Risk and Strategy

First and foremost, the CISO should look at the company’s control environment and help create a cyber security plan. The CISO should look at all resources and make sure everything is coordinated to mount a proper response during a threat scenario. A CISO will have to look at all layers from the physical security layer, network security, cyber security policies, and even cyber security training for employees.

2. Security and Controls

This CISO function involves constant testing of cyber security defenses and simulation of the organization’s attack readiness. The CISO gets his team of white hat hackers to check for any security holes in the company’s defenses. However, the goal is also to make sure the defense team learns from the exercises by being able to identify the hints that an attack is happening.

3. Security Operations

This function involves working with analytics and monitoring logs. An attack is often stealthy and can only be identified through irregularities in monitoring logs. This can be an intensive task but it is necessary to catch any attacks or any threats.

4. Security Engineering

Lastly, a CISO should introduce new solutions to use as part of the company’s defense layer. They should be the ones to shop around and check for the latest technology or deploy the newest strategies to counter threats. This involves a lot of research but it has become necessary because of the increasing innovation

Knowing what to look for in a CISO is important because of the dearth of personnel. Understanding these responsibilities will help the organization zero in on the right candidate or start performing the duties in case they cannot find talent. A CISO is not a luxury position – it is an essential job in this ever-evolving threat landscape.


Seasoned writer with a demonstrated history working in areas of information security, digital rights, and education. Skilled in content curation, research, curriculum development, editing, and history. Strong media, marketing, and communications professional with an MA in Education and a BA in from the University of California, Berkeley. Find her on Twitter: @jennjeffers3
