What does a CISO do?

CISO stands for Chief Information Security Officer. It is typically an executive-level position responsible for overseeing the activities and staff related to the security of all technical systems supporting the organization, including devices, networks, and cloud, multi-cloud, hybrid, and on-premises environments. A CISO may report to a Chief Information Officer (CIO), Chief Operations Officer (COO), Risk Officer, General Counsel, or the Chief Executive Officer (CEO).

The CISO is often responsible for reporting cybersecurity activities and recommendations to an organization’s executive board.

The role of Chief Information Security Officer differs from that of a Chief Security Officer (CSO), with the CSO being primarily responsible for the physical safety and security of people and the building infrastructure. The CISO is responsible for anything related to cybersecurity.

While the specific duties of a CISO vary between organizations, they commonly include supervision over:

  • All cybersecurity activities and initiatives;
  • Design and implementation of security systems, strategies, policies, and procedures;
  • Development of continuity of operations plans (COOP), incident response plans, disaster recovery plans and protocols, and any security playbooks;
  • Privileged account management activities;
  • Systems maintenance and vulnerability management;
  • Incident, attack, and breach response; and/or
  • Compliance requirements.

Sources: Understanding CISO Roles and Responsibilities