is an individual with organization-wide responsibility for security.
– Should be independent of other IS functions and report to either the COO or CEO.
– Must understand the company’s technology environment and work with the CIO to design, implement, and promote sound security policies and procedures.
– Disseminates information about fraud, errors, security breaches, improper system use, and the consequences of these.
– Works with the person in charge of building security, as that is often the entity’s weakest link.
– Should impartially assess and evaluate the IT environment, conduct vulnerability and risk assessments, and audit the CIO’s security measures.
Chief Security Officer