The role of the chief information security officer (CISO) within an organisation should extend to information technology and operational technology. However, where appropriate and practical to do so, responsibility for operational technology cyber security may be delegated by the CISO.
Within this section, the breadth of responsibilities for information technology and operational technology is collectively referenced under the banner of cyber security.
The role of the CISO requires a combination of technical and soft skills, such as business acumen, leadership, communications and relationship building. Additionally, a CISO should adopt a continuous approach to learning and up-skilling in order to maintain pace with the cyber threat landscape and new technologies. It is expected that a CISO show innovation and imagination in conceiving and delivering cyber security strategies for their organisation.
Further information on responding to cyber security incidents can be found in the ‘Managing cyber security incidents’ section of the Guidelines for cyber security incidents.
Further information on the development of a cyber security strategy can be found in the ‘Development and maintenance of cyber security documentation’ section of the Guidelines for cyber security documentation.
Further information on cyber supply chain risk management can be found in the ‘Cyber supply chain risk management’ section of the Guidelines for procurement and outsourcing.
Further information on the procurement of outsourced services can be found in the ‘Managed services and cloud services’ section of the Guidelines for procurement and outsourcing.
Further information on cyber security awareness training programs can be found in the ‘Cyber security awareness training’ section of the Guidelines for personnel security.