Structuring the Chief Information Security Officer Organization
Technical Note
Publisher
Software Engineering Institute
DOI (Digital Object Identifier)
10.1184/R1/6584423.v1
Abstract
Chief Information Security Officers (CISOs) are increasingly finding that the tried-and-true, traditional information security strategies and functions are no longer adequate when dealing with today’s increasingly expanding and dynamic cyber risk environment. Many opinions and publications express a wide range of functions that a CISO organization should be responsible for governing, managing, and performing. How does a CISO make sense of these functions and select the ones that are most applicable for their business mission, vision, and objectives?
This report describes how the authors defined a CISO team structure and functions for a large, diverse U.S. national organization using input from CISOs, policies, frameworks, maturity models, standards, codes of practice, and lessons learned from major cybersecurity incidents.
Part of a Collection
CERT-RMM and the U.S. Postal Service (USPS)
Cite This Technical Note
Allen, J., Crabb, G., Curtis, P., Fitzpatrick, B., Mehravari, N., & Tobar, D. (2015, October 6). Structuring the Chief Information Security Officer Organization. Retrieved December 22, 2024, from https://doi.org/10.1184/R1/6584423.v1.
@techreport{allen_2015,
author={Allen, Julia and Crabb, Greg and Curtis, Pamela and Fitzpatrick, Brendan and Mehravari, Nader and Tobar, David},
title={Structuring the Chief Information Security Officer Organization},
month={Oct},
year={2015},
howpublished={Carnegie Mellon University, Software Engineering Institute's Digital Library},
url={https://doi.org/10.1184/R1/6584423.v1},
note={Accessed: 2024-Dec-22}
}
Allen, Julia, Greg Crabb, Pamela Curtis, Brendan Fitzpatrick, Nader Mehravari, and David Tobar. "Structuring the Chief Information Security Officer Organization." Carnegie Mellon University, Software Engineering Institute's Digital Library. Software Engineering Institute, October 6, 2015. https://doi.org/10.1184/R1/6584423.v1.
J. Allen, G. Crabb, P. Curtis, B. Fitzpatrick, N. Mehravari, and D. Tobar, "Structuring the Chief Information Security Officer Organization," Carnegie Mellon University, Software Engineering Institute's Digital Library. Software Engineering Institute, 6-Oct-2015 [Online]. Available: https://doi.org/10.1184/R1/6584423.v1. [Accessed: 22-Dec-2024].
Allen, Julia, Greg Crabb, Pamela Curtis, Brendan Fitzpatrick, Nader Mehravari, and David Tobar. "Structuring the Chief Information Security Officer Organization." Carnegie Mellon University, Software Engineering Institute's Digital Library, Software Engineering Institute, 6 Oct. 2015. https://doi.org/10.1184/R1/6584423.v1. Accessed 22 Dec. 2024.
Allen, Julia; Crabb, Greg; Curtis, Pamela; Fitzpatrick, Brendan; Mehravari, Nader; & Tobar, David. Structuring the Chief Information Security Officer Organization. Software Engineering Institute. 2015. https://doi.org/10.1184/R1/6584423.v1