Roles and responsibilities in information security management – the role of a CISO

CYBERS 24.10.2023

In this episode of the KüberCast podcast, we delve into the world of information security management and explore the role of the CISO, or Chief Information Security Officer, within a company. Hosted by Ronnie Jaanhold and Siim Pajusaar, our guest for this episode is Jüri Voronov, an experienced CISO. Here are some key takeaways from the podcast.

Can the IT manager and CISO role be combined?

Not ideally. Jüri Voronov explains that information security management differs significantly from traditional IT and risk management roles. IT managers primarily focus on the efficiency and continuity of their work, while information security managers must ensure that all organizational leaders act within their expertise and do not jeopardize information security processes and regulations.

The role of an information security manager is to identify risks, bring them to the attention of the executive team, and create a plan to mitigate these risks while supporting the company’s business strategy. The primary goal is to unite various stakeholders to protect the company’s information and ensure its security. When roles overlap (such as an IT manager also serving as a CISO), the results may not always be as reliable due to a lack of role separation.

Should all companies have an information security manager?

It depends on the kind of information a company wants to protect. Smaller companies may find it easier to outsource information security management, but this decision primarily requires awareness from the company’s leadership and an understanding of the value of the company’s data as a significant asset. The most challenging task for a CISO is to explain to the executive team the significant investments and changes required to enhance the security level. In practice, action is often not taken until an incident has already occurred.

Speaking of unpleasant scenarios for a CISO, one of the worst-case scenarios mentioned was a “ransomware attack resulting in the loss of backups and the inability to recover data.” Such potentially very costly situations can only be prevented through conscious and consistent action.

The many faces of the CISO role

The role of an information security manager is highly multifaceted and requires a deep understanding of both technical and strategic aspects. Jüri Voronov adds some additional facts about the CISO role:

  1. Strategic Management: The CISO is responsible for developing an information security strategy that aligns with the company’s overall business strategy. This involves assessing risks and setting priorities to ensure information security strength and compliance with regulations.
  2. Technical Level: While the CISO does not need to be solely a technical expert, it is essential for them to have a deep understanding of technologies and risks. This allows effective communication with technical teams and an understanding of complex security risks.
  3. Crisis Management: The CISO must be prepared to lead in emergencies and respond swiftly to security incidents. This includes creating plans for handling attacks and data breaches.
  4. Communication Skills: The CISO must be able to explain complex information security concepts to non-technical leaders and other stakeholders. Communication skills are crucial in persuading the executive team to make necessary investments.

Podcast in estonian: KüberCAST 22 | CISO positsioon ettevõttes

Share

Share

Latest blog posts

03.06.2024

Major milestone in cybersecurity: CYBERS integrated into NEVERHACK’s ecosystem

Press release: CYBERS joins NEVERHACK SAS, a leading European cybersecurity group, to enhance its market position, expand reach, and offer added value to its clients.

Keep reading
13.05.2024

Strategic Merger Unites CYBERS and NEVERHACK: A New Dawn in cybersecurity

CYBERS and NEVERHACK Merger: A Game-Changing Alliance in cybersecurity

Keep reading
21.03.2024

Securing the future: uniting service design and cybersecurity for digital excellence

Explore the fusion of service design and cybersecurity in our latest blog post, inspired by KüberCAST’s enlightening episode with Andres Kostiv. Learn how this integration not only enhances digital service innovation but also fortifies user trust and safety in the evolving digital landscape.

Keep reading