Section 32 of The Computer Misuse and Cybercrime (The Critical Information Infrastructure and Cybercrime Management) Regulations, which prescribes the position of a Chief Information Security Officer, also stipulates his/her responsibilities, which are:
- being in charge of cybersecurity matters in the organization in which the critical information infrastructure is domiciled;
- developing, implementing, and enforcing security policies to protect critical information infrastructure;
- analysing information technology security threats in real-time and mitigating the threats;
- ensuring that newly-acquired technology complies with the cybersecurity standards;
- collaborating with the National Cybersecurity Operations Centre, Sector Cybersecurity Operations Centres and other relevant stakeholders to determine possible risks and risk management processes;
- advising the owner of a critical information infrastructure;
- creating cybersecurity awareness amongst members of staff and users;
- assisting in detection, identification, prevention, response, and recovery measures for cyber threats, risks or incidents in the organization;
- ensuring compliance of the organization with the requirements of the Act and these Regulations; and
- being the point of contact for the cybersecurity matters for the organization.
Additional Responsibilities
In addition to what has been stipulated in section 32, the Act itself places the following other responsibilities on the CISO:
- Third party cyber security risk assessment and maintenance of contracts
- Apply recommended baseline security controls for Critical Information Infrastructure
- Manage physical and virtual access to critical infrastructure
- Manage the physical security around the Critical Information Infrastructure
- Participate in formal information sharing communities
- Carry out periodic Information Security Audits to ensure compliance of the security program as well as testing the controls that have been applied.
Security Operation Center
The CISO is in charge of building and maintaining a Security Operation Center for their organization. The following are the services that the SOC should be able to offer.
- Real-time event monitoring and analysis, log collection and aggregation
- Provide alerts
- Cyber Security Professionals whose responsibility is to prevent, detect, analyse and respond to threats
- Provide an Inventory of Assets
- Provide Vulnerability Management
- Have network detection and response
- Have endpoint detection and response
- Have the ability to analyse and test malware
- Provide Incident response and Management
- Have a threat intelligence platform
CISO's Responsibilities at a glance
They say a picture speaks a thousand words. If we go through all the responsibilities that have been listed, we will see that all of them fall within the six functions of the NIST Cyber Security Framework.

Summary
The way I look at this, you have two major responsibilities at the heart of the role:
- To prevent an attack from happening
- In case an attack is successful, to be well prepared to carry out investigations and recover quickly to normal business operations.
Everything else falls under these two. Documentation is at the heart of the responsibilities of a CISO to demonstrate due diligence.