InfoSec-Specific Executive Development for
CISOs and Aspiring Security Leaders.
Live Faculty-led instruction and interactive
labs to build you and your team's InfoSec skills
The Business Information Security Officer (BISO) serves as a trusted security advisor to the lines of business in an organization. A liaison between groups, the BISO translates business
priorities to the security team, helps the business understand security policies and communicates metrics to senior leadership. Still a relatively new and slightly controversial discipline in cybersecurity, the BISO role can be challenging because many organizations don’t understand how to make the role work and may not feel it is necessary.
BISO roles are coming into focus now as CISO roles continue to shift from significantly technical to a strategic function with a broader business perspective to navigate a complicated risk and regulation landscape.
This piece explains why the BISO role is important, the skills BISOs need for success and how to effectively integrate the BISO into an organization.
BISOs are beneficial in organizations that have specific business units with differing goals or customer bases. This includes large multi-unit companies, or organizations functioning as a collection of businesses, but with separate operations, regulations
and markets. Many industries like financial services, insurance and manufacturing operate in a risk-filled environment, which is why cybersecurity should be viewed as a risk management function.
When structured and integrated correctly into the information security and business groups, the BISO can be a valuable resource. However, if the BISO role has accountability but no responsibility or authority, then the role can be perceived as unproductive
and create strained relationships. The security team, business execs and leadership should be included in the role development process to collaborate on what each group needs for the role.
In partnership, BISOs and CISOs work together to interact more with leadership at the strategic level. Effective BISOs can help integrate security smoothly into business processes, sensitive data assets and employee best practices.
READ: The BISO Role: Where Business Meets Security
If effectively empowered and aligned, BISOs openly support the CISO and the business, enforcing a strong security culture. BISOs fill and bridge gaps, providing seasoned cybersecurity leadership. They speak the right language, minimizing risk for the
business, employees and customers.
Ultimately, communication skills and relationship-building are keys to BISO success, enabling collaboration with different functional groups. Each function has different needs, so BISOs must speak directly to them.
Although reasonable efforts will be made to ensure the completeness and accuracy of the information contained in our blog posts, no liability can be accepted by IANS or our Faculty members for the results of any actions taken by individuals or firms in
connection with such information, opinions, or advice.
June 30, 2022
By IANS Faculty
Understand how zero-click attacks work and find best practices to help detect and prevent common zero-click techniques from harming your organization.
June 28, 2022
Find guidance on how to create meaningful security metrics and KPIs for measuring risk improvement across a variety of security areas, including vulnerability management, product security and more.
June 23, 2022
Gain an understanding of the latest insider data exfiltration threats, motivations and methods. Learn best practices for insider threat detection and data exfiltration prevention to protect your organization.