Summary
This chapter has addressed five important roles of a CISO executive. Firstly, we evaluated the IT threat landscape, which entails assessing both the internal and external aspects of the company to identify potential risks and take measures to mitigate them. Secondly, we looked at devising various policies and controls, such as granting security privileges to users on a least-privilege basis to reduce risk. Thirdly, we considered leading auditing and compliance initiatives, whereby the CISO assesses all security aspects of an organization and ensures they comply with regulations and international standards. Then, we touched on how CISOs manage an organization's information security initiatives, such as securing servers and purchasing up-to-date anti-malware programs. Lastly, we explored establishing partnerships with vendors and security experts, which enables a CISO to obtain effective software tools for identifying and mitigating threats, as well as to keep abreast of current developments in the IT threat landscape.
The next chapter will address the various regulations and laws that govern the IT industry and that CISOs need to comply with in order to discharge their duties effectively. The focus will be on international standards that govern the security of stored data, the transmission of data, and the privacy of user data.