- Title
INFORMATION SECURITY AWARENESS AND ITS IMPACT ON THE CISO'S RESPONSIBILITIES - A STUDY OF THE PORTUGUESE ENVIRONMENT.
- Authors
Monzelo, Pedro; Nunes, Sérgio
- Abstract
In an increasingly connected and digital world, information - which is seen as a business enabler and source of sustained competitive advantage - is becoming way more exposed and vulnerable. Information assets have been increasingly recognized as critical business assets, turning information security into an essential tool for the resilience of organizations, driving them to align their information security strategy with the business strategy. This paper aims to study the main areas where information security should act, the roles and responsibilities of the Chief Information Security Officer (CISO), and to understand how information security culture and awareness impact the CISO's corporate responsibilities. Interviews were carried out with experienced information security consultants and information systems and information security directors, which led to the conclusion that organizations in Portugal still need to increase their maturity when it comes to information security, and that this may be due to the absence of an established security culture in the country. On the other hand, it has been recognized that the CISO's role has been increasing in relevance, and it is considered that the CISO should have a close and independent relationship with organizations' boards.
- Publication
Journal of Information System Security, 2021, Vol 17, Issue 2, p81
- ISSN
1551-0123
- Publication type
Academic Journal