Roles of a CISO

The CISO has a lot of responsibility in the world of cybersecurity, being described by Wesley Mullins, a CIO and CISO, as “the ultimate protector”. This means that the CISO must make decisions regarding all 3 core concepts of the CIA triad: confidentiality, integrity, and availability. The aspect that we will be talking about today is the third concept, availability. Availability is the concept that data should be readily accessible to those who are authorized to view it. As the CISO, you must be able to decide which practices to implement within your company so that information and data can be accessed by those authorized to view it while still being protected from those who aren’t.

I would go about this in a few ways, namely maintaining and updating hardware and physically protecting our systems. The reason why I would maintain and update all hardware is simple: this keeps the hardware up to date and free from any bugs or other vulnerabilities that might cause issues with our system. One of the most threatening things to the availability of a system is a DoS attack. By keeping our hardware up to date, our systems will better resist these types of attacks.

The other way that I would protect the availability of a system is through physical security. This would manifest as routine backups of a system as well as limiting the number of people who are authorized to come into contact with the physical system. The maintenance of backups would allow the company to restore its systems if they are hacked, making the system available again, and limiting who can physically access the system will deter physical attacks on our systems. Both of these practices will allow the company to increase its availability, aiding in the daily operations of the company.

Citations:

Chai, W. (2021, January 29). What is the CIA triad? Definition, explanation and examples. WhatIs.com. Retrieved September 25, 2021, from https://whatis.techtarget.com/definition/Confidentiality-integrity-and-availability-CIA.

Mullins, W. (2021, September 20). CISO roles and responsibilities: What is a CISO? deepwatch. Retrieved September 25, 2021, from https://www.deepwatch.com/blog/understanding-ciso-roles-responsibilities/.

Sharma, H. (2020, January 24). Availability in information security. GeeksforGeeks. Retrieved September 25, 2021, from https://www.geeksforgeeks.org/availability-in-information-security/.
