Chief Security Officers (CSO)
The Chief Security Officer (or Chief Information Security Officer) is responsible for overall corporate security – they oversee and coordinate all security efforts, including information technology, human resources, communications, legal, and facilities management. They safeguard the company’s assets, intellectual property, computer systems, as well as the physical safety of employees and visitors. They are ultimately responsible for defining security policy, strategy and vision. If an organization needs to comply with government mandates such as GLBA, SOX or HIPAA but does not have a CPO on staff, the CSO/CISO is typically the focal point for these compliance activities.
The CSO is the executive responsible for the organization’s entire corporate security posture, both physical and digital. The CSO oversees and coordinates security efforts across the enterprise, including information technology, human resources, communications, legal, and facilities management. The CSO is also responsible for identifying security initiatives and standards. CSOs typically own, or participate closely in, initiatives such as business continuity planning, loss prevention, fraud prevention, and privacy.
Currently many business organizations are focused on technology ‘security’, and the procedures that are in place to secure and protect people, data, systems, facilities, assets and property – all of which tie closely to government mandates such as HIPAA, SOX and GLB. Security planning also ties closely to business continuity planning – the plan that provides security to your shareholders, employees, and customers. Your business continuity plan helps to ensure that your organization has the ability to continue to function and stay in business during or after a catastrophe or disaster.
A key responsibility of a CSO is to help determine the areas of weakness within an organization and to correct those weaknesses, which if compromised, can impact the ability of the company to continue essential functions and mission-critical services.
Because today’s world is data-centric and information-driven, the ultimate role and challenge of the CSO is to anticipate disaster scenarios – they must create check-points and redundancies to maintain and safeguard systems and facilities, and they must develop processes and security measures that protect people, data, and both client and corporate assets and property.
In the 1990s the government, as a means of demanding corporate accountability, passed Acts such as HIPAA, Sarbanes-Oxley and GLB, which require organizations to undergo annual compliance audits to help ensure that such safeguards are in place.
Putting such procedures and processes in place requires specific knowledge and expertise, and many smaller organizations seek out that CSO expertise on a part-time, contract, or on-demand basis, since employing these resources full-time would be cost-prohibitive.
It should also be noted that since 9/11, many organizations, especially international organizations and government institutions, will not conduct business or trade information with other organizations that cannot prove voluntary or mandated compliance with generally accepted security guidelines and principles such as ISO 17799 or SAS70, both of which can also be used to support SOX and GLB compliance.
Currently there are many comprehensive CSO or CSO Managed Services programs, which provide peace of mind to any company seeking security certification or compliance, seeking to secure their IT infrastructure and information, or seeking to develop a solid business continuity plan that will help guarantee their ability to continue operations during or after a breach or disaster.
