Against this backdrop, it is indispensable for almost any company and organisation today to have a sufficiently competent Chief Information Security Officer (CISO), or at least a person who has some basic knowledge of information security management. A Chief Information Security Officer is responsible for managing the information security of a company or organisation and has the best overview of the current security situation of the company’s most valuable data and information assets. If there is no CISO in a company, there is no central manager who would be competent to make decisions in all matters related to information security. This may lead to a lack of coordination and oversight of the organisation’s information security, which in turn may increase the risk of cyber-attacks, data leaks and other security incidents.
The main task of a CISO is to ensure the achievement of the three objectives of information security: availability, integrity and confidentiality. To ensure that these objectives are met, the CISO consistently manages the implementation of technical and organisational protection measures and the monitoring of their functioning within the company. They make sure that the measures comply with the best information security standards in the context of changing circumstances.
Today, the role of a CISO is often primarily associated with protecting the company’s IT-specific assets, but in fact, important (sensitive) information is not only in digital format. Therefore, a CISO must ensure that effective safeguards are in place to protect the company’s information regardless of its format, whether it is digital, on paper or transmitted orally.
A CISO is a top expert, and to be able to perform the duties of this position requires a sound knowledge of information technology and experience in managing people and processes. Due to the ongoing technological innovation, a CISO needs to stay abreast of the latest developments in information security. Therefore, it usually takes considerable resources to maintain a CISO’s competence in-house. However, today’s highly competitive labour market makes it extremely difficult to find talented people and to keep them professionally competent and motivated.
This is where KPMG’s CISO as a service (CISOaaS) can be a solution for companies:
CISOaaS enables companies to acquire the competence of a CISO without having to search for a specialist in the labour market, hire them and maintain their competence in-house.
Senior Cyber Security Advisor
KPMG Baltics OÜ
The line blurring between work and spare time, and the widespread use of remote work mean that peo..
It is a volatile time for economy, which always leads to businesses being purchased and sold. For ..
It is no longer a question of if cyber incidents take place, but when they will take place. Based ..
Mihkel Kukk, Head of Cyber Security Services at KPMG, notes that, although great importance is att..
"Not dealing with information security should not be seen as an IT risk, but rather as a strategic..
Mihkel Kukk, Head of Cyber Security Services at KPMG, says that artificial intelligence cannot rep..
Provide a safe and sustainable business environment for your company. We help build a resilient and reliable digital landscape, even in the face of changing threats.
HR assessment focuses on mapping the skills and increasing the competencies of the weakest link in cyber security: the users, the employees.
Threat assessment is a tactical and technical service that allows a company to get a quick overview of external threats.
Maturity assessment helps plan IT investments and design further steps to mitigate vulnerabilities and ensure better security.