Security Basics mailing list archives

Security organisation approaches


From: "sami seclist" <sg.seclists () gmail com>
Date: Wed, 20 Sep 2006 12:39:49 +0100

hi all,
I'd like to discuss on this list some aspects related to the structure
of an infosec management system, and to the differences between
francophone and Anglo-Saxon (and others, if any) approaches.


People and structures usually involved in infosec within an Anglo-Saxon
culture company are the CSO (Chief Security Officer), CISO (Chief
Information Security Officer), CIO/CTO (Chief Information/Technology
Officer), CEO (Chief Executive Officer), and the information security
steering committee.
According to csoonline.com, "The CSO will oversee and coordinate
security efforts across the company, including information technology,
human resources, communications, legal, facilities management and
other groups, and will identify security initiatives and standards.
The candidate's direct reports will include the chief information
security officer and the director of corporate security and safety."

On the other hand, in francophone culture companies (or at least those
I know), the CISO (RSSI in French) usually reports to the CEO (DG)
or CTO (DSI). Physical and personnel security are not under the
responsibility of a single manager, but coordination is possible
within the IS steering committee.

In the particular case where the CISO reports directly to the CEO, who
will be given security systems (antivirus, firewall, proxy, ...)
administration responsibilities: the CISO team, or a team under the
CIO? In the latter case, the role of the CISO will be limited to risk
assessment, security policy and procedure maintenance, and the control
of application of the policy.

Any comments on this?
