
vCISO Questions and Answers 01: What is a CISO and what is the difference between an ISO and a CISO?

What is a CISO and what is the difference between an ISO and a CISO?

Welcome to our vCISO questions and answers series where I'll talk about frequently asked questions that we get regarding the virtual Chief Information Security Officer role.

What is a CISO? And what does it do in a bank or credit union?

The CISO is really the strategic driver of the leadership role in your cybersecurity program. That role is going to make sure that the pieces are all moving in the same direction. It becomes a critical role in a successful, efficient, effective information security program.

The CISO is one of four parts that we feel make up a successful program.

  1. IT and Operations: These are the folks that keep the lights on; they keep the machines working. Usually, your CTO or IT officer is running this area.
  2. Monitoring: This might be an outsourced SIEM, or you might be doing this in-house as well.
  3. CISO: Works with those other two areas to make sure things are working correctly.
  4. Audit: Usually that's done by an outside auditor and wraps around everything else to make sure that the pieces are working as they should.

What's the difference between an ISO and a CISO?

Well, simply put, there's really not a difference. Back in the day, the ISO (Information Security Officer) was the role. But recently the FFIEC came out and said this really needs to be the Chief Information Security Officer. So, for that reason, that's what we use. In some larger organizations, you might have a Chief Information Security Officer and Information Security Officers reporting under him or her, but for the purposes of this video series, we're going to use them interchangeably.

I hope you found this video helpful. If you'd like to know more, you can download our vCISO Whitepaper or email us at any time at support@bedelsecurity.com.

 
