CISO function for a major programme survey

Thank you for being willing to help with the research for a degree in management. The aim of this research is to identify the most appropriate skill set for a CISO team within a major programme delivery. Although various models exist that identify the capabilities required for a CISO function within an organisation, none have been identified through this research that covers the development of a CISO capability for a major programme.

With a proliferation of standards and guidance, there does not appear to be one standard model for roles of business units within a CISO function. The UK Cyber Security Council recognises that there is no one standard job definition for information security roles. Equally, from the CISO functional models reviewed as background research have sliced the strategic, business, and operational responsibilities in a slightly different manner.

Given the standard (best) practice to cyber security I am aiming to get your views through this survey on the capabilities within a CISO function of a major programme. To develop this survey, I have taken several CISO functional models and divided the capability under 14 areas. The following questions have a short statement on what each area is perceived to cover but I provide the option to provide further feedback both on the scope of the function and capability area missed in this survey.

To put this survey into context,  the scale of a major programme I am looking at for this research is the delivery of a private mobile network service comprising of a:

• Resilient radio network
• Mobile virtual network operator
• Set of value-add mobile applications.

With strong privacy legislation the aim is to develop a service that protects personal and personally sensitive information to those with a need to know.

Thank you again for your time in completing this survey.