One of the positions that really caught my interest from the NIST 800-12 document is that of a Chief Information Security Officer. This individual plays a huge role in securing the company's information. What I know about the CISO is that the person in this role sees to it that the company has an excellent security plan and that its systems are secure enough not to be breached or subjected to unauthorized use.
The CISO manages both the technical side, by dealing directly with the security experts, and the business side, by communicating directly with the company's leadership. This is particularly important because they explain the measures that must be taken, helping leadership understand the risks. They also update the security policies and instruct all staff on up-to-date practices.
Moreover, the CISO participates in developing and putting into practice broad security policies that align with the goals of the organization and its regulatory requirements. Since cybersecurity threats are constantly changing, CISOs should stay updated on emerging threats and trends that could affect the organization's assets. This includes continuous monitoring and assessment of the company's security posture, conducting regular audits, and compliance checks.
The role of the CISO has changed dramatically over the years. From being technically oriented, whether managing firewalls or antivirus, today's CISOs must have a broad view of enterprise functions and strategic risk management. CISOs today are much more intertwined with the business, including at executive levels, working to balance security measures with the company's objectives without stifling its growth.
I now have a broader understanding of why having a CISO is necessary. Without someone in that role, it would be hard for a company to keep up with every potential security threat. They help the company avoid surprises regarding cyber-attacks and make sure security does not slow the company down. It is the CISO who keeps everything in good order by finding a balance between security needs and business objectives.