Monday, May 14, 2018

The Role of The Chief Information Officer in an organization


There are two types of organization management: flat and hierarchical (Johnson, R., 2015). Consequently, the type of organization determines how priorities are placed on information security and its associated policies. However, the recent increase in data breaches within organizations, coupled with the increasing migration from brick-and-mortar to web-based operations, has created a need for information security personnel, especially the Chief Information Officer (CIO). "According to the latest information, almost sixty percent of the organizations in the United States acknowledge the existence of a CISO dedicated entirely to security (Ware)" (SANS.org, 2003). The ability of the CIO to communicate directly with top management can determine how effectively information security and information security policy are implemented at a lower level (by employees).

Therefore, a firm in which the CIO reports to the Chief Finance Officer, for example, ensures that information security issues are a primary concern in the dynamics of the organization's decision-making process. Furthermore, such an organization perceives information security as a business concern rather than a technology issue (Johnson, R., 2015). Consequently, such an organization allows the CIO to implement a security policy that is beneficial to the organization's well-being. The CIO therefore not only channels security information and risk to top management, but also acts as the firm's representative to customers, other stakeholders, and other organizations regarding the organization's security strategy (Johnson, R., 2015). Essentially, the CIO role is an important one in an organization that is security conscious.



References
Johnson, R., (2015). Johnson, B., (2015). Security Policies and Implementation Issues (2nd ed.). Burlington, MA: Jones & Bartlett Learning. ISBN: 978-1-284-05599-3
SANS.org, (2003). Mixing Technology and Business: The Roles and Responsibilities of the Chief Information Security Officer. Retrieved from: https://www.sans.org/reading-room/whitepapers/assurance/mixing-technology-business-roles-responsibilities-chief-information-security-officer-1044
