Actionable Advice from Practitioners in Four Industries
This white paper series includes three papers:
- Business Information Security Officer Role, An Overview
- Structuring a BISO Role for Success: Responsibilities, Organizational Approaches, and Performance Indicators in the Business Information Security Officer Role
- Mapping the BISO Career
This series was written collaboratively by members of the Financial Services, Health, and Retail and Hospitality Information Sharing and Analysis Centers, all of them leaders and expert practitioners.
The partnership across companies and industries demonstrates the value of collaboration on cyber defense. Threats cross departments, industries, and borders. Strengthening one sector’s cybersecurity and resilience ultimately strengthens all of them.
1. Business Information Security Officer Role, An Overview
Executive Summary
Cybersecurity incidents can disrupt customer services and business operations, impacting companies’ reputations and profitability. The evolving threat landscape and emerging technologies are accelerating the need to mature the security capabilities of business and technology teams and ensure a close partnership with cybersecurity.
Many companies have implemented the Business Information Security Officer (BISO) role to help solve that challenge. The BISO acts as a liaison between business and cybersecurity, translating “security and compliance speak” into meaningful guidance and real-world recommendations. As a conduit between teams, BISOs reduce cyber risks, support business and compliance needs, and help companies manage risk and meet business objectives on time.
Though BISOs are becoming increasingly common, the responsibilities and requirements of the role and its programmatic implementation and structure are not yet standard across industries. Lack of definition makes it more difficult for companies to build effective BISO programs or optimize existing ones. To help businesses build – or build out – a BISO program, experts in over a dozen companies in four industries developed this series of three white papers. The documents detail the BISO function and offer a comprehensive examination of organizational structures, tactical advice, and lessons learned from real-world experience.
2. Structuring a BISO Role for Success
Responsibilities, Organizational Approaches, and Performance Indicators for Business Information Security Officers
Executive Summary
From large multinational corporations to smaller, more local firms, the Business Information Security Officer (BISO) role is becoming increasingly common in multiple industries.
The BISO is a liaison between business and cybersecurity, ensuring the security of the enterprise’s information and technology assets, building trust between business, technology, and cybersecurity teams, and translating business requirements and cyber risks to various functions.
While the role of BISO has become familiar in many organizations’ cybersecurity programs, the structure of the BISO function varies. To some extent, the lack of standardization reflects the differing needs of companies and industries, but a common understanding of the role would help businesses better implement BISO programs, determine the scope of the role, and evaluate success in it.
To that end, experts in over a dozen companies in four industries developed this series of three papers. The documents detail the BISO function, define its responsibilities and evaluation criteria, and provide considerations for companies navigating a changing business and regulatory environment.
This is the second white paper in the series. Written for executives, leaders, and cybersecurity professionals, it examines:
- The responsibilities of the role and areas of BISOs’ particular focus
- Approaches to organizational alignment and role structure
- Obstacles to success in the role
- Guidance on performance measurement
- The cultural attributes that support BISO performance
Though companies should mold the role according to their sector, business needs, and risk appetite, aspects of the BISO role are universal: all BISOs must understand the cyber risks their business faces, translate those risks to leaders and teams, and implement risk management strategies that work. The experience of experts can help companies achieve those aims – and maximize the benefit of this vital function.
3. Mapping the BISO Career
The Development of an Effective Business Information Security Officer
Executive Summary
Digitalization enables greater speed, scope, and customer service offerings, but it also creates cyber risks. As more and more operations expand their digital environment, businesses must balance the benefits and risks — often a complex decision-making process involving many teams and leaders.
To help with that process, more and more companies have established the Business Information Security Officer (BISO) role in their organizations. BISOs serve as liaisons between the business and cybersecurity functions who drive the enterprise’s cyber agenda into the business through communication, facilitation, and implementation.
This white paper, the third in a series, examines the qualities of effective BISOs, their development, and their career path. Written collaboratively by experts in over a dozen companies in four industries, it provides:
- Overview of the BISO role
- Description of the necessary skillsets — communication, executive presence, and relationship management — of BISOs
- Details on career progression, including education and certification
This series of white papers was written in collaboration by experts across industries. Their intention is to provide executives with practical guidance and a real-world perspective on the Business Information Security Officer role.
BISOs play an important part in translating cyber risk to business leaders and business needs to cybersecurity risk managers. In an interconnected digital environment and an evolving threat landscape, BISOs can have substantial impact on operations, profitability, and continuity — in every sector.