Investor Presentation
Governance Model: Reporting of Security Functions
[Organization chart. Boxes shown: Budget & Control Board (BCB); Executive Director; Enterprise; COO; Chief Information Security Officer (CISO); Deputy CISOs (D-CISO) for HIPAA/HITECH, FERPA, IRS 1075, Environment and Land Use, Law & Justice, Finance & Administration, and Higher Education; Information Security Governance Committee; Information Security Advisory Council (Private Sector); Agency Director.]
Description
• Consider establishing the role of Chief Information Security Officer (CISO) at the Enterprise level. This role would report administratively to the Chief of Staff of the Budget & Control Board.
• Consider establishing seven Deputy Chief Information Security Officer roles at the Enterprise level. Each Deputy CISO would serve as a subject matter specialist in a certain field and as the primary point of contact for a State Agency for their respective field. These roles would report administratively to the Chief Information Security Officer.
• The Agency Information Security Officers (ISO) would report administratively to the Director of their Agency, with the Deputy Chief Information Security Officer responsible for the Agency providing input on hiring and performance reviews. The Agency ISO would also have a secondary reporting relationship to the CISO.
• The Agency Information Security Officers are not required to be full-time positions and may also report to other positions, such as Agency CIOs, rather than directly to the Agency Director.
[Organization chart, Agency level. Boxes shown: Agency Information Security Officer; Agency Information Security Staff.]
This presentation is intended solely for the information and internal use of the State of South Carolina, and is not intended to be and should not be used by any other person or entity. No other person or entity is entitled to rely, in any manner, or for any purpose, on this draft presentation.