What is a CISO?

Section 4 of 23 NYCRR 500 requires covered entities to “designate a qualified individual responsible for overseeing and implementing the Covered Entity’s cybersecurity program and enforcing its cybersecurity policy.” The regulation refers to this individual as a Chief Information Security Officer, or CISO for short. This requirement may seem burdensome for a small company like…