Against this backdrop, it is indispensable for almost any company and organisation today to have a sufficiently competent Chief Information Security Officer (CISO), or at least a person who has some basic knowledge of information security management. A Chief Information Security Officer is responsible for managing the information security of a company or organisation and has the best overview of the current security situation of the company’s most valuable data and information assets. If there is no CISO in a company, there is no central manager who would be competent to make decisions in all matters related to information security. This may lead to a lack of coordination and oversight of the organisation’s information security, which in turn may increase the risk of cyber-attacks, data leaks and other security incidents.
The main task of a CISO is to ensure the achievement of the three objectives of information security: availability, integrity and confidentiality. To ensure that these objectives are met, the CISO consistently manages the implementation of technical and organisational protection measures and the monitoring of their functioning within the company. They make sure that the measures comply with the best information security standards in the context of changing circumstances.
Today, the role of a CISO is often primarily associated with protecting the company’s IT-specific assets, but in fact, important (sensitive) information is not only in digital format. Therefore, a CISO must ensure that effective safeguards are in place to protect the company’s information regardless of its format, whether it is digital, on paper or transmitted orally.
A CISO is a top expert, and to be able to perform the duties of this position requires a sound knowledge of information technology and experience in managing people and processes. Due to the ongoing technological innovation, a CISO needs to stay abreast of the latest developments in information security. Therefore, it usually takes considerable resources to maintain a CISO’s competence in-house. However, today’s highly competitive labour market makes it extremely difficult to find talented people and to keep them professionally competent and motivated.
This is where KPMG’s CISO as a service (CISOaaS) can be a solution for companies:
CISOaaS enables companies to acquire the competence of a CISO without having to search for a specialist in the labour market, hire them and maintain their competence in-house.
Senior Cyber Security Advisor
KPMG Baltics OÜ
Mihkel Kukk, Head of Cyber Security Services at KPMG, says that artificial intelligence cannot rep..
The joint organisation of Enterprise Estonia and KredEx, together with the State Information Syste..
The most cost-effective way for companies and other organisations to identify their cyber security..
Almost every company is targeted by cybercriminals in one way or another. KPMG cyber security expe..
Artificial intelligence (AI) and machine learning (ML) offer many benefits for businesses, but wid..
Provide a safe and sustainable business environment for your company! We will help you build a resilient and reliable digital world, even in the face of changing threats.
HR assessment focuses on mapping the skills and increasing the competencies of the weakest link in cyber security: the users, the employees.
Threat assessment is a tactical and technical service that allows a company to get a quick overview of external threats.
Maturity assessment helps plan IT investments and design further steps to mitigate vulnerabilities and ensure better security.