CISO Objectives

According to Wikipedia, a chief information security officer (CISO) is the senior-level executive within an organization responsible for establishing and maintaining the enterprise vision, strategy, and program to ensure information assets and technologies are adequately protected. The CISO directs staff in identifying, developing, implementing, and maintaining processes across the enterprise to reduce information and information technology (IT) risks. They respond to incidents, establish appropriate standards and controls, manage security technologies, and direct the establishment and implementation of policies and procedures. The CISO is also usually responsible for information-related compliance.

The key objectives for a CISO would be:

  • Strategy
  • Communication
  • Compliance
  • Manage Risk
  • Incident Response

That said, I believe that this is not just the job of the CISO. A Cloud Architect too needs to ensure that the design/solution they come up with addresses these main objectives as well. At the end of the day, all the points of concern can be grouped under the 4 main pillars of:

  • Security and Compliance management
  • Identity and Access Management
  • Threat protection - Identify-Protect & Detect-Respond-Recover
  • Information Protection