The importance of the CISO

A cyberattack can affect any of us if we lack appropriate security measures and a specialized team to implement them. It is a mistake to think that smaller companies are not vulnerable: every SME must protect its data, an asset that cybercriminals value more and more.

Among cybersecurity roles it is very common to come across acronyms such as CISO, CIO, CSO, CTO and CEO, among others, as shown in the following organizational model of the company:


In this article we discuss the figure of the CISO (Chief Information Security Officer), the director of information security. The role has evolved considerably: the CISO is no longer a technical professional kept outside the strategy, but a participant in the business processes with a fundamental role inside the organization, so much so that Spanish regulation requires the companies it covers to designate an information security manager, the CISO.

Beyond holding recognized certifications in information security, other skills are increasingly emphasized: business vision, leadership, communication skills and so on.

Among the CISO's responsibilities, the following stand out: drafting and implementing information security policies; guaranteeing the security and privacy of communications; supervising the administration of access control to information and regulatory compliance in information security; and leading the company's incident response team.

The CISO therefore plays a fundamental role, all the more so now that companies have had to adapt to the European General Data Protection Regulation, the NIS Directive, the PSD2 Directive …

* Non-compliance with the General Data Protection Regulation (GDPR, RGPD in Spanish) may result in significant sanctions.

The conditions that facilitate the CISO's success, as set out in the CISO White Book, are: independence, so as to have an objective view of the organization's level of risk exposure; empowerment; and an organizational position that depends on the size and complexity of the company.

Some of the certifications a CISO should hold are CCSP, CDPD, CDPP, CISA, CISM, CISSP, CRISC and SSCP, among others.

A CISO as a Service is an outsourced security professional or provider who offers their time and expertise to an organization on an ongoing basis, usually part-time and remotely.

If you want more information or advice, contact us.