Abstract:

As companies become increasingly global and Internet based, information security has become a critical issue for organizations. To face these new threats, the position of Chief Information Security Officer (CISO) has emerged in many companies. We aim to study this new career and determine its current scope of actions and seek to investigate this new profession in terms of roles, tasks and competencies. This study relies on a qualitative questioning methodology, with structured face-to-face interviews in France. Despite many contributions on security risk management, there is limited research on the CISO profession.  The CISO needs many skills, competencies, and carries out a range of tasks.

This research investigates the role, tasks, competencies, skills and levels of autonomy of CISOs in various organizational settings. It provides an understanding of the CISO profession and organizational involvement. The results could be useful for recruitment, training and career planning of CISOs.