Security Basics mailing list archives
Security organisation approaches
From: "sami seclist" <sg.seclists () gmail com>
Date: Wed, 20 Sep 2006 12:39:49 +0100
Hi all,

I'd like to discuss on this list some aspects related to the structure of the infosec management system, and to the differences between francophone and Anglo-Saxon (and others, if any) approaches.

People and structures usually involved in infosec within an Anglo-Saxon culture company are the CSO (Chief Security Officer), CISO (Chief Information Security Officer), CIO/CTO (Chief Information/Technology Officer), CEO (Chief Executive Officer), and the information security steering committee. According to csoonline.com, "The CSO will oversee and coordinate security efforts across the company, including information technology, human resources, communications, legal, facilities management and other groups, and will identify security initiatives and standards. The candidate's direct reports will include the chief information security officer and the director of corporate security and safety."

On the other hand, in francophone culture companies (or at least those I know), the CISO (RSSI in French) usually reports to the CEO (DG) or CTO (DSI). Physical and personnel security are not under the responsibility of a unique manager, but coordination is possible within the IS steering committee.

In the particular case where the CISO reports directly to the CEO, who will be given security systems (antivirus, firewall, proxy, ...) administration responsibilities: the CISO team, or a team under the CIO? In the latter case, the role of the CISO will be limited to risk assessment, security policy and procedure maintenance, and the control of application of the policy.

Any comments on this?