Business information security officers (BISOs) work closely with the central information security team, but they have very different roles within an organization. BISOs act primarily as liaisons between the central information security program (which is owned by the CISO) and the business, helping the business understand and implement security policies and processes while also helping translate business priorities to the main information security team. This piece provides a detailed overview of the BISO role and explains how it works to improve both business and security outcomes.
The BISO is an emerging role that acts as a liaison between an organization’s business units and its cybersecurity function. BISOs must become familiar with the businesses they support and understand the overall business’s strategic roadmap.
They then align those with the cybersecurity function’s priorities and initiatives, advancing the information security posture across the organization and, essentially, filling the gap between business operations and cybersecurity program management.
The BISO’s responsibilities extend across a variety of tasks and include supporting core security functions with the following:
Successful BISOs typically possess:
Examples of projects that effective BISOs often participate in:
Additionally, the BISO is the first point of contact for escalation of issues, whether from the business to cybersecurity, or the opposite. Once issues are received, the BISO should gather pertinent information and triage appropriately. The level of involvement of the BISO will vary depending on the issue escalated; however, they should facilitate exchanges with key personnel and track progress through completion.
Information security programs are owned by the organization’s CISO. BISOs are responsible for ensuring the vision of the CISO is executed across the organization through their individual portfolios. Through relationship management, influence, and negotiation, the BISO acts more as a facilitator who both supports the core security function and helps business units improve the cybersecurity program’s maturity by encouraging collaboration, ensuring relevance and driving results.
If effectively empowered and aligned, BISOs serve as “mini CISOs” to the organizations within their portfolio. The BISO is one of the few roles that supports the priorities of both the business and the information security function, ensuring relevance, driving collaboration and enhancing program maturity.