CISO (Chief Information Security Officer)

Definition

The senior executive accountable for the organisation's information security programme: its strategy, policies, risk management, control oversight, and resourcing. The CISO typically reports to the board or a board committee (such as the audit committee), or to a senior executive such as the CEO or CIO, and translates the organisation's stated risk appetite into programme strategy, policy, budget, and staffing. Within the three lines of defence model the CISO office usually sits in the second line, setting policy and monitoring the effectiveness of first-line controls rather than operating them.

Related terms

Three lines of defence
A governance model that separates security responsibility into three distinct layers: operational management that owns controls (first line), risk and compliance functions...
Audit committee
A sub-committee of the board of directors composed principally of independent non-executive directors, responsible for overseeing financial reporting, internal controls, and the...
First-line controls
Controls owned and operated by the business units and IT functions that process or store information. The first line is accountable for...
Governance, Risk, and Compliance (GRC)
An integrated discipline that combines governance structures, risk management processes, and compliance monitoring into a unified programme. GRC platforms and frameworks allow...
Policy hierarchy
The layered document set that translates governance intent into operational requirements. Tiers typically run: information security policy, topic-specific policies, standards, procedures, and...
Risk appetite
The amount and type of risk an organisation is willing to accept in pursuit of its objectives, as defined by its governing...
Second-line oversight
The risk management and compliance functions, including the CISO office and the risk function, that set policy, monitor control effectiveness across the...
Security governance
The set of structures, roles, policies, and accountability mechanisms by which an organisation directs, controls, and monitors its information security activities. Governance...
Security steering committee
A cross-functional management body, typically chaired by the CISO or Chief Risk Officer, that coordinates security priorities across business units, approves major...

Explained in these topics

  • Security Governance Frameworks Overview: The senior executive responsible for developing and maintaining the information security programme. The CISO reports to the board or a board committee and tran...
  • Security Governance Structures and Roles: The senior executive accountable for the organisation's information security programme. Responsibilities span strategy, risk management, control oversight, reg...
