ECSO recently produced a master document offering recommendations for the depiction of the CISO role within ENISA’s European Cybersecurity Skills Framework (ECSF). The suggestions were gathered through ECSO’s active CISO community, comprising of CISOs from 28 European countries. As the only non-profit organisation hosting a European cross-sector CISO community, ECSO acts as the facilitator of this network of practitioners across Europe, bringing them together to provide output to relevant stakeholders.
The main objective of ECSO’s master document is to offer recommendations for enhancing the depiction of the CISO Role within ENISA’s European Cybersecurity Skills Framework (ECSF). The suggestions resulted from the collaborative effort of ECSO’s CISO Community that gathers 352 CISOs representing 28 European countries.
CISOs (Chief Information Security Officers) are responsible for overseeing an organisation’s cybersecurity strategy and its effective implementation to ensure the robust security and protection of digital systems, services, and assets. Throughout the document, the suggestion is to enhance inclusivity by incorporating the term “Information Security” alongside “Cybersecurity.” For instance, phrases like “Cyber and Information Security Governance” and “Manage cyber and information security risks” should be utilised.
The key discussions among the CISOs were aimed at striking a balance in crafting a clear and concise recommendations following the structure of ENISA’s CISO Role Description: Alternative Title, Summary Statement, Mission, Deliverables, Main Tasks, Key Skills, Key Knowledge.
The document also contains suggestions to expand the list of alternative CISO titles to include roles that are contingent on the specific organisational structure, for instance: Business Information Security Officer (BISO) and Divisional Information Security Officer (DISO). This inclusion allows to represent the diverse and dynamic nature of these positions in various organisational settings.
Additionally, ECSO suggests that the main tasks of the CISO shall be structured according to the NIST framework:
- Business Strategy
- Mission
- Vision
- Technology
- Cyber and information security tasks related to technology.
The master document will now be sent to ENISA for a potential inclusion in the future iterations of the CISO Role in the ECSF. ECSO’s belief is that this well-balanced and realistic document is a great step forward to synchronising main aspects of the CISO role across the EU.
More information about ENISA’s European Cybersecurity Skills Framework:https://www.enisa.europa.eu/topics/education/european-cybersecurity-skills-framework.
For any question, please contact Sebastijan Cutura at sebastijan.cutura@ecs-org.eu.