Diverse skills needed for CSO function, group says

The job requires understanding of a range of IT and other risks, says ASIS International. A knowledge of information security risk management is just one of the many skills a chief security officer needs for crafting, influencing and directing an effective organizationwide protection strategy. Increasingly, the job also calls for an understanding of issues as diverse as emergency preparedness, crisis management and response, physical security, disaster recovery, and privacy and regulatory matters. That’s the assessment of Alexandria, Va.-based ASIS International, a 33,000-member group of security professionals that this week released draft guidelines that companies can use when developing CSO positions. “There’s been a lot of discussion on the need for organizations to create a centralized governance function for many areas of risk,” said Jerry Brennan, president of Vienna, Va.-based Security Management Resources Inc. and one of the drafters of the document. The guidelines are the result of an attempt to give a formal definition of the scope, responsibilities for reporting relationships and experience needed to do the job, he said. Full Story