Executive Security Management

Executive security management is the enterprise control function for implementing, and verifying the implementation of, enterprise protection that meets the duty to protect by adequately protecting the things that have to be protected. Specifically, it is the task of the chief information security officer (CISO) to apply the power and influence of their position to effectively control the protection program.

The major role of the CISO is to define the organizational governance architecture for security and to implement an effective control scheme over the organizational perspectives and business processes that implement that architecture. This activity indirectly produces the control architecture, technical security architecture, protection processes, protection mechanisms, and content and its business utility; however, the CISO rarely has direct control over any of these things. The role of the CISO also extends to direct responsibility over business and people life cycle issues.

The CISO, or the equivalent business executive tasked with governing the enterprise security process, is an executive-level individual with great responsibility, regularly reporting to the CEO and the board of directors, and intimately involved with and understanding the issues underlying large-scale business decisions. As such, this individual is a key member of the enterprise executive management team.

For more details and in-depth coverage of these issues, download and read "Enterprise Information Protection".