A Chief Information Security Officer (CISO) is a senior executive in a business whose primary responsibility is protecting the company's systems and data from cyber-attacks. The CISO must possess a comprehensive knowledge of the organization's information security structure, policies and procedures as well as the weaknesses and capabilities of its IT (IT). A CISO is responsible in directing and managing the company's information security operations. This is a part of incident response and recovery.