This guide explains the changing goals of an information security department and describes the hard and soft skills that a successful CISO requires.
The role of the Chief Information Security Officer has evolved enormously in recent years in response to security threats and a challenging business environment. Instead of being primarily a master technician, today’s CISO has to be a trusted advisor to senior management.
The CISO has overall responsibility for corporate security strategy, but today’s CISO has to be in the business of managing information, not just securing it. The successful CISO needs to have excellent communication and presentation skills, and to demonstrate keen business acumen.
The serious and ever-changing nature of today’s security threats demand a strategic-minded response, and a successful CISO will always be thinking about how to gain business objectives through enabling technology while properly managing risk.
This pocket guide emphasises the importance of a suitable information security management system (ISMS) and the risk management methodolgy that should be at its heart.
Today’s CISO must be integrated into all aspects of the business and have a full understanding of its strategy and objectives.
A good risk management methodology must take into account the special information security needs of the company as well as legal and regulatory requirements.
The guide explains how to design and implement an ISMS that is appropriate for the organisation. It also describes the key management system processes that should be included in an ISMS.
Chief Information Security Officers are bombarded with huge challenges every day, from recommending security applications to strategic thinking and business innovation. This guide describes the hard and soft skills that a successful CISO requires: not just a good knowledge of information security, but also attributes such as flexibility and communication skills.
Barry Kouns is a security and risk management expert with over 25 years of experience in information security consulting, risk assessment and quality management. Barry formed and operates SQM-Advisors, an information security, risk assessment and IT service management firm that has led eight organisations to ISO/IEC 27001:2005 certification. He is frequently quoted in magazines and news articles on information security and has held the position of Trainer for the British Standards Institute (BSI). He holds a BS in Statistics and an MS in Industrial Engineering Management. Barry has earned the CISSP designation and is a trained ISO/IEC/27001 Lead Auditor and ISMS Implementer, and is ITIL Foundation certified.
Jake Kouns has an MBA with a concentration in Information Security from James Madison University. He holds a number of certifications including CISSP, CISM, CISA and CGEIT. He is currently Director of Cyber Security and Technology Risks Underwriting for Markel Corporation, a specialty insurance company. He has presented at many well-known security conferences including RSA, CISO Executive Summit, EntNet IEEE GlobeCom, CanSecWest, and SyScan. He is the co-author of Information Technology Risk Management in Enterprise Environments, and has also been interviewed numerous times as an expert in the security industry. Jake is the co-founder, CEO, and CFO of the Open Security Foundation (OSF), a non-profit organisation that oversees the operations of the Open Source Vulnerbility Database (OSVDB.org) and DataLossDB.