Information security can only be ensured at a high level of quality under the leadership of a competent Chief Information Security Officer

Against this backdrop, it is indispensable for almost any company and organisation today to have a sufficiently competent Chief Information Security Officer (CISO), or at least a person who has some basic knowledge of information security management. A Chief Information Security Officer is responsible for managing the information security of a company or organisation and has the best overview of the current security situation of the company’s most valuable data and information assets. If there is no CISO in a company, there is no central manager who would be competent to make decisions in all matters related to information security. This may lead to a lack of coordination and oversight of the organisation’s information security, which in turn may increase the risk of cyber-attacks, data leaks and other security incidents.

The role of a Chief Information Security Officer, or CISO

The main task of a CISO is to ensure the achievement of the three objectives of information security: availability, integrity and confidentiality. To ensure that these objectives are met, the CISO consistently manages the implementation of technical and organisational protection measures and the monitoring of their functioning within the company. They make sure that the measures comply with the best information security standards in the context of changing circumstances.
Today, the role of a CISO is often primarily associated with protecting the company’s IT-specific assets, but in fact, important (sensitive) information is not only in digital format. Therefore, a CISO must ensure that effective safeguards are in place to protect the company’s information regardless of its format, whether it is digital, on paper or transmitted orally.

CISO as a service (CISOaaS) – who can benefit and how?

A CISO is a top expert, and to be able to perform the duties of this position requires a sound knowledge of information technology and experience in managing people and processes. Due to the ongoing technological innovation, a CISO needs to stay abreast of the latest developments in information security. Therefore, it usually takes considerable resources to maintain a CISO’s competence in-house. However, today’s highly competitive labour market makes it extremely difficult to find talented people and to keep them professionally competent and motivated.

This is where KPMG’s CISO as a service (CISOaaS) can be a solution for companies:

• by assessing the needs of different companies, we have created a service that allows you to outsource CISO’s responsibilities;
• the service is provided by our top experts who have relevant experience and internationally recognised professional certificates;
• the content of our CISOaaS is not provided by a single KPMG expert, but we offer our clients a whole team;
• our team members have experience working as CISOs, IT system administrators and physical security experts, as well as in computer network and web application penetration testing, digital forensics and much more.
  

CISOaaS enables companies to acquire the competence of a CISO without having to search for a specialist in the labour market, hire them and maintain their competence in-house.

Igmar Ilves
Senior Cyber Security Advisor
KPMG Baltics OÜ