Research the role of the Chief Information Security Officer (CISO) to find answers to the following questions:
1. What is the role of the CISO in an organization?
2. What types of knowledge, skills, and abilities are most important for a successful CISO to have?
3. How can a CISO contribute to making security a priority during the system development life cycle (SDLC)? (Provide specific examples for two or more phases of the SDLC.)
Write a plain English summary of your research making sure that you provide a detailed answer for each question along with appropriate examples.
Your response must be 150+ words in length and contain APA format in-text citations and references.
Suggested Resource:
Brenner, B. (2010, November 2). The New CISO: How the role has changed in 5 years. CISO. Retrieved from https://www.csoonline.com/article/print/632223
2. Business Continuity Planning (BCP) is a critical business process which requires the participation of managers from all parts of the enterprise. The CISO and CISO staff members should be key players on the BCP team. In this learning activity you will learn more about the BCP process and then answer questions about CISO participation on this team.
Watch three Federal Emergency Management Agency (FEMA) videos on the importance of Business Continuity Planning (BCP). Follow these instructions to access the videos:
1. Open the READY.GOV Web site: https://www.ready.gov/business-continuity-planning-suite
2. Scroll down to the tabs and read the content under the tab labeled "Learn about the tools"
3. Click on the tab labeled "Business Continuity Video Training."
4. Click on and watch the first three videos on the Web page:
(a) Business Continuity Training - Introduction,
(b) Business Continuity Training - Part One What is Business Continuity Planning?
(c) Business Continuity Training - Part Two Why is Business Continuity Planning Important?
If you cannot view the videos, read the transcripts which are posted below this discussion question.
After you have watched the videos (or read the transcripts), reflect upon the relationship between business continuity planning and the overarching security requirements to protect the confidentiality, integrity, and availability of information and information systems EVEN DURING A DISASTER. Write a plain English explanation of this relationship. In your explanation, address the following:
Identify and discuss three reasons (from the videos) as to why business continuity planning is important to an organization's overall information systems security program.
Identify and discuss the harm that could occur if a business is not prepared to respond to a disaster which prevents restoration of business operations at the original site within 72 hours (3 days) -- the standard time criteria for invocation of a business continuity plan after a disaster has occurred.
How can the CISO and CISO staff members help to ensure that the BCP process appropriately addresses information systems security issues?