Three management positions most commonly associated with information security within a given organization are the chief executive officer (CEO), chief information officer (CIO), and chief information security officer (CISO). CEO is fairly self-explanatory as the person in charge of running the company as a whole. Although information management and information security specifically is not the central component of the CEO’s responsibilities, it is, nevertheless, an aspect of it. The CIO defines how the company structures, handles, stores, and, among other things, secures the information in the course of its functioning (Whitman & Mattord, 2018). Like the CEO, CIO is usually an executive-level position and often acts as a consultant and advisor to the CEO in information-related matters. A for CISO is the person in charge of devising, implementing, and monitoring measures designed to ensure the security of information handled within the company (Whitman & Mattord, 2018). Unlike the two above, CISO is rarely an executive-level position, and those occupying it usually answer to the CIO. As a subordinate, CISO is considered to be one of if not the most important advisors to the CIO.
Overall, the scheme outlined above is a fairly good one for sufficiently large companies. Its main strength lies in clear specialization for each of the positions involved. CEO pursues the organization’s foremost goal and cares for information management insofar as it is conducive to that, CIO handles information management as a whole, and CISO responds to information security specifically (Whitman & Mattord, 2018). CISO reporting to CIO rather than the chief security officer (CSO) makes sense because information security relates more closely to overall information management than the physical safety of personnel and assets. Admittedly, smaller companies may be unable to establish all three positions, in which case CISO’s duties may be distributed between CIO and CSO. Still, for larger entities, this seems like a well-outlined setup.
Reference
Whitman. A. E., & Mattord, H. J. (2018). Principles of information security (6th ed.). Cengage Learning.