Chapter 25 Cyber Competencies and the Cybersecurity Officer

Ron Hale, PhD, CISM, ISACA, USA

Tom and his team have journeyed through the discovery of the benefits and risks of the digital organization and have come to an understanding of how the organization will need to move forward in implementing an innovative and enabling cybersecurity program. This program needs to be organization-focused and responsive to the changing threat landscape. To implement such an organization-wide program, Tom needs someone with the right skills and attributes. The role of the CISO requires more than a strong command of security technology. It is even more critical that the CISO be an organizational contributor and organizational leader as well.

The Evolving Information Security Professional

As the need to protect information from compromise and misuse and the capabilities of hackers have changed over the years, so too have the role and responsibility of information security professionals. The role that is perhaps experiencing the greatest change is that of the chief information security officer (CISO). In the early days of what was initially called data security, there was little need for someone to lead protection activities. Security was mainly a matter of maintaining access lists within products such as RACF, Top Secret, or ACF2. While technical staff responsible for these systems might have been given a security-specific title, they were part of the information technology (IT) ...
