A new role is emerging in more and more organisations – that of chief security officer (CSO), says Giga Information Group.

Typically, the CSO is accountable not only for IT security policies, but also for improving the operational efficiencies of the business and implementing risk management plans.

Prior to 2001, the position of CSO was thought of as "rather peculiar", says Steve Hunt, a security expert at Giga. However, he says that security is best treated as a business process with one person responsible for coordinating the various security initiatives across an organisation. Giga has now identified more than 200 companies that employ a CSO.

In late 2001, many CEOs wanted a comprehensive security report from the head of IT security and the head of corporate or physical operations (ie security guards). More often than not, the two departmental heads had never even met before, says Giga, and few companies had a coherent overall security strategy.

As a result, the position of CSO is gaining in popularity but, being new, the role differs dramatically from business to business. The required qualifications, reporting structures and compensation are also "wildly diverse", concludes Hunt.