Influencers
Being a CISO: A Bird’s-Eye View
Sebastián Alejandro Vargas Yáñez
Is the same true for information security (INFOSEC) and
computer security (ITSEC)?
What is a CISO?
A CISO is the information security officer of an organization, who
must tell organizations to create security policies, manage those
policies, information, assets, and risks associated with them, and
create security programs and awareness plans.
What is the profile of a CISO?
There is not one "cut and dry" way to become a CISO in a public or
private organization. Many professionals start from computer security
and work their way up. With pre- and postgraduate training that allows
you to get the necessary technical knowledge, the appropriate profile
seems to be 50% technical, meaning that the individual understands the
subject of computer security, and 50% leadership and management
expertise: someone who leads people, plans, and actions. Those actions
lead to completed and accepted goals.
A CISO should know the technical parts because they must be able
to talk to administrators and security analysts, as well as managers
of the organization, without problems. In technical language and
managerial language, your communication should be clear and
effective.
It is often thought that information security is only about the
preventive and reactive controls, or about the configuration of the
IDS/IPS, the antivirus, or the spam filter. We talk about a risk
scenario and the treatment of risks to security, and it is a point of
precision that will take space to improve understanding, given that
the security of information has an articulating arm to the management
of computer security and cybersecurity.
Information security is responsible for protecting the information
assets in all their formats. The 14 domains, for example, simplify
ISO 27001:2013, from information assets, electronic or paper, people,
and processes into detective, preventive, dissuasive, reactive, and
compensatory controls.
Considering and understanding how fast technology is advancing in
the information age (cloud computing, smart cities, the internet of
things, industry 4.0 and, from the other point of view, malware as a
service), it is imperative that organizations take steps to be precise
and clear in the search to take better care of information assets and,
as we have seen in recent cases, the information of citizens.