icon-carat-right menu search cmu-wordmark

Structuring the Chief Information Security Officer Organization

Podcast
In this podcast, Nader Mehravari and Julia Allen, members of the CERT Cyber Risk Management team, discuss an effective approach for defining a CISO team structure and functions for large, diverse organizations.
Publisher

Software Engineering Institute

Topic or Tag

Listen

Abstract

Chief Information Security Officers (CISOs) are increasingly finding that the tried-and-true, traditional information security strategies and functions are no longer adequate when dealing with today’s increasingly expanding and dynamic cyber risk environment. Many opinions and publications express a wide range of functions that a CISO organization should be responsible for governing, managing, and performing. How does a CISO make sense of these functions and select the ones that are most applicable for their business mission, vision, and objectives?

In this podcast, Nader Mehravari and Julia Allen, members of the CERT Cyber Risk Management team, discuss an effective approach for defining a CISO team structure and functions for large, diverse organizations based on inputs from CISOs, policies, frameworks, maturity models, standards, codes of practice, and lessons learned from major cybersecurity incidents.

About the Speaker

Headshot of Julia Allen.

Julia H. Allen

Julia Allen is an SEI alumni employee.

Julia Allen is a principal researcher within the CERT® Division at the Software Engineering Institute (SEI), a unit of Carnegie Mellon University in Pittsburgh, PA. Allen’s areas of interest include operational resilience, security governance, and measurement and analysis. Prior to this technical assignment, …

Read more

Lisa R. Young

Lisa Young is an SEI alumni employee.

Lisa Young, Senior Member of the Technical Staff at the Software Engineering Institute at Carnegie Mellon University, has 20+ years of experience in the information technology and telecommunications industry. She holds the designation of Certified Information Systems Auditor (CISA), Certified Information Security Manager …

Read more