What's the role of a chief security officer?
ASIS International, a international security organization based in the United States, knows the answer. The organization today announced the release of its first American National Standard, approved by the American National Standards Institute (ANSI), titled appropriately enough: the CSO Standard.
The new standard is based on the preexisting ASIS CSO Guideline, and is designed as model for organizations to use when defining security and risk leadership position. According to ASIS International, the CSO position can be implemented as either a standalone position, or as a set of responsibilities managed by the organization's executives.
"The standard states that effective leadership within the top levels of an organization, especially its security functions, is imperative," says Jerry J. Brennan, chairman of the CSO Standards Committee. "Traditionally, what has been lacking in many organizations is a single governance position at the senior level being accountable for crafting, influencing and directing the organization-wide security-related risk and protection strategies in a manner that is compatible with that enterprises' structure and culture. The ability to effectively influence business strategy and address issues related to internal and external security risk exposures requires a CSO-type function at the appropriate level in the organization."
According to ASIS, the standards for a CSO position are relevant for private businesses as well as the public sector, and the standard includes information on the reporting relationship, the key responsibilities and accountabilities assigned to the CSO. It also includes information on competencies, experience, education and compensation which would commonly accompany such a position.
ASIS International is an ANSI Accredited Standards Developer, and while the organization has published a number of internal guidelines over the years, this is the organization's first release of a national standard approved by ANSI.
The ASIS/ANSI-approved CSO Standard is available from ASIS as a free download.