What does a CISO do?


Today, the role of the CISO is often associated primarily with protecting the company’s IT assets, but important (sensitive) information does not exist only in digital format. The CISO must therefore ensure that effective safeguards are in place to protect the company’s information regardless of its format, whether it is stored digitally, kept on paper or transmitted orally.

Here are some of the activities that a CISO performs on a daily basis:

  • developing, documenting and implementing information security procedures and policies, and keeping them up-to-date
  • advising company management on information security issues (and drawing their attention to problems)
  • checking the performance of IT specialists (and other specialists responsible for security) from the point of view of the availability, integrity and confidentiality of information
  • educating the employees about the company's security rules and information security best practices
  • organising tender processes for vulnerability assessment and penetration testing contracts
  • ensuring the implementation of ISO/IEC 27001 and other information security standards
  • managing security incidents and coordinating responses
  • developing and keeping up-to-date the plan for patch management (including security patch management)
  • being responsible for aspects of physical security (or, if there is a security manager, cooperating with the security manager)

What is CISOaaS?

A CISO is a top-level specialist, and performing the tasks of this position requires extensive knowledge of (information) technology as well as experience in managing people and processes. Finding suitable people for this position is extremely difficult in today’s highly competitive job market.

Because technologies are in a constant state of change and renewal, a CISO must keep up to date with the latest developments in information security – which is why, as a rule, maintaining a CISO’s competence also requires considerable resources. This is where KPMG’s CISO-as-a-Service (CISOaaS) comes to the aid of companies, enabling them to gain CISO competence without having to search the labour market for a suitable specialist, hire them and maintain their competence.

1. KPMG high-level professionals, who have experience in CISOaaS projects and hold internationally recognised professional certifications, including CISA, CISM, CISSP, CRISC, CGEIT, ISO 27001 Lead Auditor and GSEC, will be at your disposal.

2. Our CISOaaS is not provided by a single KPMG expert – a whole team of experts with diverse experience will be at the client’s service. Our team members have experience working as CISOs, IT system administrators and physical security experts, as well as in computer network and web application penetration testing, digital forensics, secure code review and much more.


Provide a safe and sustainable business environment for your company! We will help you build a resilient and reliable digital world, even in the face of changing threats.

KPMG Baltics OÜ

+372 626 8700
itaudit@kpmg.ee
Ahtri 4, 10151 Tallinn, Estonia

HR assessment

HR assessment focuses on mapping the skills and increasing the competencies of the weakest link in cyber security: the users, i.e. the employees.


Threat assessment

Threat assessment is a tactical and technical service that allows a company to get a quick overview of external threats.


Maturity assessment

Maturity assessment helps plan IT investments and design further steps to mitigate vulnerabilities and ensure better security.
