What is a business information security officer or BISO? Do you need one? Is it just an extension of the CISO or is it simply taking on the business aspect of the CISO role?



Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and guest Nicole Dove (@IssaUrbanGirl), BISO, ADP, and host of Urban Girl Corporate World podcast.

Thanks to this week’s podcast sponsor, Deep Instinct

Deep Instinct is changing cybersecurity by harnessing the power of Deep Learning to prevent threats in zero time. Deep Instinct’s on-device solution protects against zero-day, APT, and ransomware attacks, and against both known and unknown malware with unmatched accuracy and speed. Find out more about the solution’s wide covering platform play.

Got feedback? Join the conversation on LinkedIn.

On this episode of Defense in Depth, you’ll learn:

  • A BISO becomes very valuable where they can be mapped to a specific business unit (by locale or business line).
  • The BISO role has become important because practically all companies are reliant on data and technology.
  • The BISO must have power to do their job. That requires autonomy and decision-making ability.
  • Another way to describe a BISO is as a senior business analyst with a security focus.
  • From CISO to project manager, roles change often for a BISO.
  • Geo-aligned positions for BISOs have become extremely valuable in light of different and growing territorial regulations.
  • BISO is a good role for a wannabe CISO.
  • Only large companies have room for a BISO.
  • A BISO who can cozy up to a particular business unit’s sales strategy is of enormous value.
  • Make sure the BISO is actually bringing value and not just acting as a gatekeeper between security and the business.