Cyberattacks and malware are increasing in frequency in healthcare, requiring hospitals to enhance their cybersecurity efforts from every angle, including the C-suite.
One emerging leadership role is the chief security officer, according to CSOonline. At some organizations, the leader in this position is charged with maintaining the physical security and safety of employees, while at other companies this leader must take on responsibility of IT systems security — in which case, those employees are often referred to as chief information security officers. Often, the lines blur between the two.
Here are five things to know about the emerging CSO role:
1. CSOs are generally charged with upholding the organization’s entire security posture — physical and digital. “CSOs also frequently own or participate closely in related areas such as business continuity planning, loss prevention and fraud prevention, and privacy,” the CSOonline report states.
2. These employees must create a way for their organizations to value security as a strategic asset and part of its mission, rather than as damage control.
“There’s enough of a sample size of attacks and breaches to know that companies need to be taking security seriously now,” Paul Wallenberg, who heads up a team of technology recruiters at LaSalle Network, told CSOonline. “A more proactive approach is for companies to think about what data they own and how the compromise of that data could represent a material threat to their customers and to their business. What would happen if it was compromised without a plan in place? Looking at security through this lens at the board or executive level will drive the decision to hire a CSO.”
3. When looking for a CSO, organizations should consider applicants’ technical and functional competencies to demonstrate they are qualified. Some organizations like to consider applicants with a white hat or ethical hacking background, Mr. Wallenberg added. It is also important to consider applicants’ experience with business continuity planning, auditing and risk management, as well as contract and vendor negotiation.
4. Most CSOs report directly to the CEO, while others report to the board or the CIO — each model has its own strengths and weaknesses. However, whoever the CSO will report to, Mr. Wallenberg says “the executive team should all be involved in the decision-making process. The people who are going to interact most with this person are your COO and CIO, so they should be intimately involved in interviewing and selection.”
5. Some of the responsibilities a CSO may undertake include:
- Leading operational risk management activities
- Overseeing a network of security directors and vendors, as well as the physical safety of employees and visitors
- Developing and implementing global security policies, standards, guidelines and procedures to address security system maintenance
- Directing incident response planning