SAI HONIG

BISO – NO THAT IS NOT A TYPO

by Sai Honig, Engagement Security Consultant at Amazon Web Services

You have probably heard the title CISO or chief information security officer. Many companies have someone in this role. In some industries, such as finance or banking, the role is mandatory. According to ZDNet, a CISO is responsible for establishing security strategy and ensuring data assets are protected. CISOs traditionally work alongside the chief information officer (CIO) to achieve these aims.

The CISO works with the CIO and technology teams to design, build, test, deploy, maintain and upgrade technology systems. The CISO is responsible for implementing and maintaining the security of these systems.

The fact is, our world is exponentially increasing its use of technology. With that comes an expectation that everyone—including all our non-technical teams—knows how to use these technologies in a safe and secure manner. Within many organisations there are a large number of non-technical staff: finance, accounting, marketing, supply chain, human resources, education, healthcare, legal, machinists and so on.

BRIDGING THE TECH/NON-TECH GAP

So, how do we bridge the gap between those in non-technical teams and those in technology teams? How do we communicate safe and secure use of technology? How do we prepare entire organisations when new technologies are rolled out? This is where a business information security officer (BISO) may be useful.

A BISO is generally a senior cybersecurity leader whose duty it is to bridge the gap between security and the interests of the business. A BISO typically acts as the CISO’s deputy to oversee strategy at a granular level. In large organisations there may be multiple BISOs embedded in major business units or regional teams. For large scale technology rollouts there may be a BISO who acts as the focal point for business teams.

If security is to function as a strategic business enabler there needs to be alignment between business priorities and information security priorities. If security and business teams are not collaborating, security incidents become more likely as technology use increases. Even with the best monitoring and the strongest security teams, incidents may still go unnoticed and unresolved.

A good BISO needs to be:
• A good listener, to learn about the challenges from both the technical teams and business functions.
• A good translator, to translate technology

WOMEN IN SECURITY MAGAZINE
JANUARY • FEBRUARY 2023