Chief Information Security Policy Paper


The role of the CIO has changed with the ever-changing technology, and “the position of CIO became critical to achieving business objectives” (Arnett, Beatty, & Liu, n.d., p. 2). The CISO is the chief information security officer; the CISO reports to the CIO, and the CIO reports to the CEO of the organization. “The CIO and CISO play important roles in translating overall strategic planning into tactical and operational InfoSec plans” (Whitman & Mattord, 2013, p. 50). The CIO is responsible for numerous roles in the organization, such as creating security policies, handling security breaches, audits, and organizational compliance. The CIO puts the CISO, as well as the other IT department heads in the organization, in charge of developing and implementing …

One of the information security policies is the general or enterprise information security policy (EISP). The EISP is a security policy that supports an organization’s vision, and it is the basis of all of its security efforts. The chief information officer (CIO) is usually the one who creates this policy for the organization. The policy can be anywhere from two pages to ten pages long, and the only time it needs any kind of change is when the organization changes its strategies. The EISP helps implement and manage security for the organization, as well as assigning roles to the people who will be in charge of security for the organization. It also addresses compliance: “according to the National Institute of Standards and Technology, the EISP typically addresses compliance in two areas: (1) general compliance to ensure meeting the regulations to establish a program and the responsibilities assigned therein to various organizational components and (2) the use of specified penalties and disciplinary actions” (Berra, n.d., p. 77). After the policies are created, the chief information security officer (CISO) is the one who starts implementing them with his security team. Each organization has its own essentials for these types of policies …

Those three types of usage strategies are the hot site, the warm site, and the cold site. With these continuity strategies, the organization is the only one that can use the facility, without having to share access with any other organization. “A hot site is a fully configured computer facility, with all services, communications links, and physical plant operations” (Whitman & Mattord, 2013, p. 109). The hot site is the most expensive one because it is a duplicate of the original facility, but it only holds the data from the latest backup, along with the people needed to make the site functional. A disadvantage of this site is that maintenance has to be done on the systems and other equipment, and it also needs the right security. It is considered the best choice if the facility needs to be recovered quickly. A good fit for this strategy would be an organization that has a lot of information going in and out on a daily basis, so that when a disaster strikes and its computers or equipment are damaged, it needs the information back up right away to get back to business; it sets up a hot site duplicating its facility to get it going as soon as
