The Chief Information Security Officer (CISO) has to be an all-rounder, knowing somewhere between the detailed vision of an engineer, up to the business insights of a CEO. Still, one can’t know it all, so choices have to be made. Technology is a special case, therefore a quick view on the requirements of a good CISO to fulfill his or her duties.
Technology is without a doubt a fast moving target. Even the diehard techies can’t always keep up with the new technologies. Yesterday it was the cloud, now it is big data and soon it will be quantum crypto for mobile devices. If you are a CISO, or want to become one, it’s good to have a good solid basis of technology knowledge. You don’t have to know all details, nor have to be able to manage it yourself. Still, there are some areas in which you want to specialize sometimes a little bit more, to renew your existing knowledge.
Important areas which always were and will be important are:
- Operating System
- Security devices like firewall, Intrusion Detection System (IDS) or Intrusion Prevention System (IPS), crypto tokens etc.
All locations where data (or better: information) is entered, transferred, processed or stored, need proper security controls. Basic understanding of the technology helps in determining the risks involved within these areas. Additionally it also brings additional understanding what technology can be applied to achieve accepted levels of residual risk.