Chief Information Security Officer (CISO)

What is a Chief Information Security Officer (CISO)?

Computer security is becoming increasingly important in the modern world, which is why CISOs, or Chief Information Security Officers, are highly sought after on the job market. People hired into this role are essentially security managers responsible for a company’s information security, as well as defining a protection strategy for all company assets and limiting any potential IT risks.


What does a Chief Information Security Officer (CISO) actually do?

These days, companies can no longer ignore the threat of cyber-attacks. That’s why CISOs are vital to guaranteeing company security, with policies that must abide by the latest European regulations concerning the protection of information systems, networks and data. IT security managers have the delicate task of making sure there are no dangerous data breaches at the company they are employed by.

Over the years, Cyber Security Officers have become increasingly important for organisations, so much so that at present, individuals in this particular role have close contact with the Board of Directors and report to the CIO (the Chief Information Officer).


What are the duties of a Chief Information Security Officer?

It should be fairly obvious by now that CISOs play a key role in companies, which is why they must possess a specific set of skills that allow them to perform some fairly important duties.

First of all, they must be able to create and manage a precise corporate information security governance programme, defining a management and monitoring structure while taking into account ROI (Return on Investment) and cost/benefit analysis.

Cyber Security Management includes knowledge of legal issues, regulations, policies, procedures and standards related to information security. In fact, CISOs also deal with Security Risk Management, and Control and Audit Management, identifying various processes and business objectives in order to assess the likelihood of risk. Chief Information Security Officers regularly carry out checks and tests on information systems in order to ensure that protection is effective.

CISOs also deal with Security Programme Management & Operations. They are tasked with developing and monitoring budgets for information systems and controlling and estimating costings for various projects. They must also purchase and manage the resources needed to design and implement programmes, devising a specific team for the purpose.

People in this particular role also deal with Information Security Core Concepts. In fact, CISOs often define the criteria for controlling access to data, as well as identifying the mechanisms needed to access it, such as biometric authentication. Managers in this position also develop response plans for theft and phishing attacks, identifying how best to tackle the risk in question.

Chief Information Security Officers are aware of the vulnerability of wireless networks and can assess the likely threat posed by malware, Trojans and viruses, and, most importantly, by any potential source of infection.

How do you become a Chief Information Security Officer (CISO)?

In order to become a Chief Information Security Officer, you need to have a high level of training, which includes detailed knowledge of IT and security practices, as well as those related to the business in question. Specialisations in this particular field can be acquired by enrolling in specific Master’s courses, which equip Cyber Security Managers with all the information they need to tackle cyber threats and apply the principles and practices of enterprise governance.

In general, CISOs play an executive and managerial role within a company. That’s why it’s vital that they receive adequate training, allowing them to create security initiatives that are consistent with the organisation’s business objectives and programmes, ensuring that technology and information assets are adequately protected.


What knowledge must a Chief Information Security Officer (CISO) possess?

These days, companies are taking their businesses online, increasing both their presence and their day-to-day operations on the web. CISOs must therefore have full operational knowledge, combining technical, organisational and technological skills with communication and team coordination skills.

Cyber Security Managers must be aware of the problems related to information security present in the company in which they operate. Their computer skills must be varied and constantly updated in order to provide suitable solutions and countermeasures to new types of attack. This means that CISOs not only deal with cyber security in an operational sense, but also offer consultancy services in order to set guidelines for security policies and to ensure that they are respected.


How much can a CISO expect to earn?

Computer security is becoming an increasingly important issue, and CISOs are therefore highly sought after and well-paid individuals. Those tasked with protecting a company’s data and information have a delicate and important role that requires adequate reward. In the United States, for example, where the profession was created, a Cyber Security management expert can expect to earn $70,000 a year, while in Italy, the figure is closer to €40,000 a year, but of course, it all depends on the amount of training received and the professionalism that CISOs have to offer.


How a Master’s in Digital Technology Management at BBS could help you to become a Chief Information Security Officer (CISO)

A degree in computer engineering or IT is not enough to become a Chief Information Security Officer. Additional training is needed, and it’s often essential to have a Master’s degree that provides the necessary training on governance and IT security.

For those interested, Bologna Business School offers a Master’s in Digital Technology Management with a focus on Cyber Security.

The Master’s course is taught in English and consists of two study cycles, inclusive of an internship at the end of the course that allows you to put your skills into practice at a real company. The course lasts 12 months and addresses issues regarding information security, applied management, regulations and the economic and technical implications associated with this delicate profession.

The programme teaches managers how to plan interventions in order to protect against cyber-attacks, to assess the availability and vulnerability of data, and also to manage risk, allowing them to familiarise themselves with all legal, regulatory and methodological information relevant to the topic in question.