search menu icon-carat-right cmu-wordmark

Structuring the Chief Information Security Officer Organization

Technical Note
The authors describe how they defined a CISO team structure and functions for a national organization using sources such as CISOs, policies, and lessons learned from cybersecurity incidents.
Publisher

Software Engineering Institute

DOI (Digital Object Identifier)
10.1184/R1/6584423.v1

Abstract

Chief Information Security Officers (CISOs) are increasingly finding that the tried-and-true, traditional information security strategies and functions are no longer adequate when dealing with today’s increasingly expanding and dynamic cyber risk environment. Many opinions and publications express a wide range of functions that a CISO organization should be responsible for governing, managing, and performing. How does a CISO make sense of these functions and select the ones that are most applicable for their business mission, vision, and objectives?

This report describes how the authors defined a CISO team structure and functions for a large, diverse U.S. national organization using input from CISOs, policies, frameworks, maturity models, standards, codes of practice, and lessons learned from major cybersecurity incidents.

Cite This Technical Note

Allen, J., Crabb, G., Curtis, P., Fitzpatrick, B., Mehravari, N., & Tobar, D. (2015, October 6). Structuring the Chief Information Security Officer Organization. Retrieved May 18, 2024, from https://doi.org/10.1184/R1/6584423.v1.

@techreport{allen_2015,
author={Allen, Julia and Crabb, Greg and Curtis, Pamela and Fitzpatrick, Brendan and Mehravari, Nader and Tobar, David},
title={Structuring the Chief Information Security Officer Organization},
month={Oct},
year={2015},
howpublished={Carnegie Mellon University, Software Engineering Institute's Digital Library},
url={https://doi.org/10.1184/R1/6584423.v1},
note={Accessed: 2024-May-18}
}

Allen, Julia, Greg Crabb, Pamela Curtis, Brendan Fitzpatrick, Nader Mehravari, and David Tobar. "Structuring the Chief Information Security Officer Organization." Carnegie Mellon University, Software Engineering Institute's Digital Library. Software Engineering Institute, October 6, 2015. https://doi.org/10.1184/R1/6584423.v1.

J. Allen, G. Crabb, P. Curtis, B. Fitzpatrick, N. Mehravari, and D. Tobar, "Structuring the Chief Information Security Officer Organization," Carnegie Mellon University, Software Engineering Institute's Digital Library. Software Engineering Institute, 6-Oct-2015 [Online]. Available: https://doi.org/10.1184/R1/6584423.v1. [Accessed: 18-May-2024].

Allen, Julia, Greg Crabb, Pamela Curtis, Brendan Fitzpatrick, Nader Mehravari, and David Tobar. "Structuring the Chief Information Security Officer Organization." Carnegie Mellon University, Software Engineering Institute's Digital Library, Software Engineering Institute, 6 Oct. 2015. https://doi.org/10.1184/R1/6584423.v1. Accessed 18 May. 2024.

Allen, Julia; Crabb, Greg; Curtis, Pamela; Fitzpatrick, Brendan; Mehravari, Nader; & Tobar, David. Structuring the Chief Information Security Officer Organization. Software Engineering Institute. 2015. https://doi.org/10.1184/R1/6584423.v1