Chapter 2: End-to-End Security Operations
The chief information security officer (CISO) is responsible for the end-to-end (E2E) security operations of an organization. Together with their security team, they run day-to-day security operations, enforce policies, and evaluate and remediate system vulnerabilities so that the company's information assets stay safe from both internal and external threats.
This chapter walks through a typical day of a CISO, describes their E2E security operations, and presents the CISO activities that together make up the security strategy. By the end of the chapter, you should understand the reasons behind each of the security activities of the CISO and their team, and why those activities must cover every sector of the organization without neglecting any.
We will cover the following topics in this chapter, which also form a list of the main CISO roles in an organization:
- Evaluating the information technology (IT) threat landscape
- Devising policies and controls to reduce risk
- Leading auditing and compliance initiatives
- Managing information security initiatives
- Establishing partnerships with vendors and security experts