scope:

The Chief Security Officer (CSO) Organizational Standard is applicable to organizations in the private and public sector environments, which need to evaluate and respond to the ever-increasing and everchanging multitude of threats to their assets, equities, information, and structure, on both a domestic and global level.

Summary

This Standard is designed to be a tool to educate an organization in deciding upon and providing a security architecture characterized by appropriate awareness, prevention, preparedness, and necessary responses to changes in threat conditions. This Standard is structured at a high level, although specific considerations and responses are also addressed for deliberation by individual organizations based on identifiable risk assessment and requirements.

Purpose

This Standard is a model for organizations to use when developing a leadership function to provide a comprehensive, integrated security risk strategy to contribute to the viability and success of the organization. This leadership function is designated the Chief Security Officer (CSO). With respect to this standard, the role may be viewed as a standalone position or as one that has been incorporated within an existing senior-level executive's accountability to the organization's leadership team.