Structuring the Chief Information Security Officer Organization
Software Engineering Institute
Chief Information Security Officers (CISOs) are increasingly finding that the tried-and-true, traditional information security strategies and functions are no longer adequate when dealing with today’s increasingly expanding and dynamic cyber risk environment. Many opinions and publications express a wide range of functions that a CISO organization should be responsible for governing, managing, and performing. How does a CISO make sense of these functions and select the ones that are most applicable for their business mission, vision, and objectives?
This webinar describes a CISO organizational structure and functions for a typical large, diverse organization using input from CISOs, policies, frameworks, maturity models, standards, codes of practice, and lessons learned from major cybersecurity incidents.
- Understand a structured approach for developing and evaluating a CISO organization structure
- Be able to demonstrate the extent to which your CISO structure addresses widely accepted cybersecurity frameworks and standards
- Consider using this structure to identify coverage, gaps, and areas of improvement
About the Speaker
Julia Allen is an SEI alumni employee.
Julia Allen is a principal researcher within the CERT® Division at the Software Engineering Institute (SEI), a unit of Carnegie Mellon University in Pittsburgh, PA. Allen’s areas of interest include operational resilience, security governance, and measurement and analysis. Prior to this technical assignment, …Read more