A CISO of any organization will be regularly involved in running vulnerability scans, penetration tests, and web application security assessments—among other technical operations. In this role, they’re checking to ensure that the software and hardware configurations in their organization and their vendors’ organizations are compliant with company and regulatory standards.
- Approve appropriate methods for the protection of mobile devices, computer networks and other communication channels
- Propose authentication methods, password policy, encryption methods, etc.
- Propose rules for secure teleworking
- Define required security features of internet services
- Define principles for secure development of information systems
- Review logs of user activities in order to recognize suspicious behavior