What is a CIO?
A Chief Information Officer's (CIO) main focus is to help the organization establish the Security Program in coordination with the organization's Executive Management and Information Technology (IT) divisions.
The CIO is responsible for:
What is a CTO?
The Chief Technology Officer (CTO) is responsible for identifying external products that can maximize the organization's innovation process. Specifically, the CTO focuses on enhancing the organization's innovation process by improving existing services and/or identifying innovative systems. During the process, the CTO should work closely with the CIO, if applicable, to ensure that the organization incorporates innovative ways to expand services provided to the organization's target consumers without impacting or disrupting the organization's internal security program.
The CTO is responsible for...
How are the two meshed?
Since not all organizations are able to afford two different roles, we offer a mesh of the two roles into one. However, it is essential to understand that the meshing is only successful when the organization has a Security Program that has reached the Risk Management Tier 3/4 as noted under the NIST Cybersecurity Framework Implementation Tiers.
Our initial focus will be to ensure that the organization meets the Risk Management Tier 3 of the Cybersecurity Framework before we engage in the CTO role. The rationale behind it is simple... expanding services to clients without a proper Risk Management process can be highly detrimental in the long term. Once the organization reaches a Risk Management Level 3 or 4, we can expand the services to the CTO level.
However, if the company wishes to dive into the CTO services, we will not mind diving into an analysis of what the future could hold when the organization wishes to expand into the CTO role of innovation for external clients. We can certainly draft a Plan and determine which areas can be addressed in a parallel manner to limit cost.
How does the CIO/CTO role work?
This particular service is triggered by the outcome of the initial Enterprise Information Risk Management Assessment (EIRMA) process. The CIO/CTO roles have been designed with small/mid-size companies in mind. While we cannot go into the details on this particular service, it is structured in a manner that allows us to offer, for a fraction of the price, services whose cost would normally be unrealistic for small/mid-size companies.
Therefore, while we do not mind offering this service to bigger companies, we prefer to focus on small/mid-size companies at this time. Our services include the following:
When is a CIO/CTO required?
A CIO/CTO is required when the organization is ready to implement an organization-wide security program and/or wishes to improve an existing one but lacks personnel with the necessary knowledge to address the issues at hand.