As a chief information security officer, I would have the unique role in the company. Responsibilities related to information security would fall on me and I would have to put forth actions in order to protect data from attacks. Security implementation and risk mitigation for the company would be the highest priority. I would firstly ensure that all the employees would have sufficient training in relation to data security, personal identifiable information, and physical security within the company. Attackers have technology easily available to conduct broad and spear phishing attacks, distributed denial-of-service attacks known as DDoS, and network surveillance. Basic and advanced training on spotting these attacks should be offered and required by all those in key positions

As a CISO, I would also oversee the budget in regard to the information tech security within the company. As stated in an article by ZDnet.com, 83% of IT leaders have been increasing their spending on cybersecurity within the last year. Budgeting for better training, hardware, and software is a vital need for a company.

As a CISO, protecting the data in the company is of the upmost importance. Utilizing logical and physical securities would be a priority. Such as encryptions, authorizations of personnel, abilities to authenticate them, locks on the servers and doors and networking cabinets. Other logical securities like adding firewalls to the networks, having up to date antispyware and virus protection and detection methods. Physical methods like changing codes or locks on a regular basis and giving only those authorized the ability to access the secure rooms or hardware. Utilizing a log for access points can ensure the integrity of the access point as well.

Lastly, I would not want the IT security to be a bottleneck and restrict the workflow of the company. Finding the correct methods that work for the company is important.