
Enter the BISO: Rise of the Business Information Security Officer

Blog Posted in: Information Governance | Data Management
Apr 12, 2016

Blog Contributors:  Robin Athlyn Thompson and Brian Schrader

Information…  Any one of us could have a different definition of that word, depending on the context. In our day-to-day work at BIA, information most often means the Electronically Stored Information (ESI) that we help clients identify, collect, process, review and produce, and which may help prove or disprove the allegations contained within a lawsuit.  

Within most organizations, information is the data that contains the cultural history, process workflows, strategic business plans, creative ideas, competitive advantages, and future ideas of the organization. For the organization, that information has financial value, appreciating or depreciating over time, just as any other organizational asset would. In fact, Jeff Ritter, an adjunct professor at Oxford University, spoke to us in our February webinar about creating organizational wealth through good information governance.

Over the years, we’ve watched historical changes in the way information is recorded and stored, from typewritten notes bound in minute books to the unending variety of digital information management systems prolific across both our personal and professional lives today. We’ve also watched a number of changes in the business units which safeguard, regulate and protect information as an asset.

Historically, Legal often was the leading arbiter of policies and practices regarding the organization’s information, with records and information managers executing on policies created by the legal department to govern the safekeeping, retention and destruction of that information. Today, Legal more often works with one or more other departments within the organization that help with that task.

First, there were the departments headed by Chief Information Officers (CIO) and/or Chief Technology Officers (CTO) that stepped in to help not just create, but also enforce, the information management policies generated by Legal. In the last several years, as the safekeeping and security of that information became more and more crucial, the Chief Information Security Officer (CISO) role arose, focused primarily on the security of information.

More recently, another new senior information management position has begun to appear in organizations – one that focuses on a different critical part of the organization’s information management: the Business Information Security Officer (BISO). This new role works closely with the CTO, CIO and/or CISO and focuses on helping develop a culture and centralized strategy to manage risk and security. The BISO helps ensure that each line of business works toward a central goal, designed to minimize risk, maximize protection and increase the value of the organization’s business information assets.  

Curious as to what exactly the BISO does today? You’re not alone. Indeed, a popular request from our webinar attendees has been to learn more about the business units involved in information governance. This month we invited Retired Resident Agent-in-Charge, Cyber Investigations - Western Resident Agency, Hal Nicholson, to present our April webinar and discuss the role of the BISO. Hal is one of the foremost cybersecurity and forensics experts in the nation, and he will talk with us about how the BISO fits into an organization and discuss workflows and methodologies for that role. View the webinar here. As always, our webinars are presented free of charge.