In August 2016, an IB function profile guide for the Chief Information Security Officer (CISO) was published by the Information Security Service (IBD), with the aim of providing support in setting up the IS function within a municipality. For the successful implementation of information security in an organization, the division of responsibilities and authorities for deciding, advising and controlling and about information security measures is a basic requirement. Developments such as the introduction of the government-wide Baseline Information Security Government (BIO) and the introduction of an unambiguous accountability system for information security (ENSIA) in municipalities affect the CISO function and justify an update of the function profile. In addition, the function of CISO has increasingly developed as a profession in the field of information security. That development opens opportunities for professionalization and qualification, which we explore in this guide.
Municipalities differ from each other in terms of organization and therefore in the way the CISO function is filled. With the introduction of the BIO and the binding nature of this framework of standards for the entire government, the appointment of a CISO has become mandatory rather than optional. The appointment of a CISO is an important condition for initiating and controlling the implementation and execution of information security within the organization.
How the position is filled does not describe the BIO. In practice, the role of CISO is sometimes filled as part of another function. It also happens that the CISO has an orientation to the more technical aspects of information security (IS), or is more focused on the organization of IS. Nevertheless, based on the tasks associated with the CISO function in a security organization, a basic profile can be drawn up. This basic profile satisfies the set of tasks associated with the CISO function at the corporate level. It may differ per municipal organization whether these tasks are performed integrally by the CISO, or are partially assigned to other IS functions, or are performed as a role within another function.
Guidance IB job profile Chief Information Security Officer (CISO) BIO ( pdf)
This news item can also be found in the Information Security file
