Business information security officers (BISOs) work closely with the central information security team, but they have very different roles within an organization. BISOs act primarily as liaisons between the central information security program (which is owned by the CISO) and the business, helping the business understand and implement security policies and processes while also helping translate business priorities to the main information security team. This piece provides a detailed overview of the BISO role and explains how it works to improve both business and security outcomes.
The BISO is an emerging role that acts as a liaison between an organization’s business units and its cybersecurity function. BISOs must become familiar with the businesses they support and understand the overall business’s strategic roadmap. They then align those with the cybersecurity function’s priorities and initiatives, advancing the information security posture across the organization and, essentially, filling the gap between business operations and cybersecurity program management.
The BISO’s responsibilities extend across a variety of tasks and include supporting core security functions with the following:
Successful BISOs typically possess:
Examples of projects that effective BISOs often participate in:
Additionally, the BISO is the first point of contact for escalation of issues, whether from the business to cybersecurity or the opposite. Once issues are received, the BISO should gather pertinent information and triage appropriately. The BISO's level of involvement will vary depending on the issue escalated; however, they should facilitate exchanges with key personnel and track progress through completion.
Information security programs are owned by the organization’s CISO. BISOs are responsible for ensuring the vision of the CISO is executed across the organization through their individual portfolios. Through relationship management, influence, and negotiation, the BISO acts more as a facilitator who both supports the core security function and helps business units improve the cybersecurity program’s maturity by encouraging collaboration, ensuring relevance and driving results.
If effectively empowered and aligned, BISOs serve as “mini CISOs” to the organizations within their portfolio. The BISO is one of the few roles that supports the priorities of both the business and the information security function, ensuring relevance, driving collaboration and enhancing program maturity.
May 19, 2022
By IANS Faculty