Accession Number:

AD1046633

Title:

Structuring the Chief Information Security Officer Organization

Corporate Author:

CARNEGIE-MELLON UNIV PITTSBURGH PA PITTSBURGH United States

Report Date:

2015-09-07

Abstract:

Chief Information Security Officers (CISOs) are increasingly finding that the tried-and-true, traditional information security strategies and functions are no longer adequate when dealing with today's increasingly expanding and dynamic cyber risk environment. Many opinions and publications express a wide range of functions that a CISO organization should be responsible for governing, managing, and performing. How does a CISO make sense of these functions and select the ones that are most applicable for their business mission, vision, and objectives? This report describes how the authors defined a CISO team structure and functions for a large, diverse U.S. national organization using input from CISOs, policies, frameworks, maturity models, standards, codes of practice, and lessons learned from major cybersecurity incidents.

Descriptive Note:

Technical Report

Pages:

0048

Communities Of Interest:

Distribution Statement:

Approved For Public Release;

Contract Number:

FA8721-05-C-0003

File Size:

2.01MB