Increasingly, Chief Security Officer means what it sounds like: The CSO is the executive responsible for the organization's entire security posture, both physical and digital.
The title Chief Security Officer (CSO) was first used principally inside the information technology function to designate the person responsible for IT security. At many companies, the term CSO is still used in this way. Chief Information Security Officer, is perhaps a more accurate description of this position, and today the title is becoming more prevalent for leaders with an exclusive info security focus.
The CSO title is also used at some companies to describe the leader of the "corporate security" function, which includes the physical security and safety of employees, facilities and assets. More commonly, this person holds a title such as Vice President or Director of Corporate Security. Historically, corporate security and information security have been handled by separate (and sometimes feuding) departments.
Increasingly, Chief Security Officer means what it sounds like: The CSO is the executive responsible for the organization's entire security posture, both physical and digital. CSOs also frequently own or participate closely in related areas such as business continuity planning, loss prevention and fraud prevention, and privacy.
The merging all forms of security under a single organizational umbrella has been a controversial approach at times. At a tactical level, technology is being infused into physical security tools, which are increasingly database-driven and network-delivered. At a practical level, CSOs say a holistically managed security function can deliver better security at lower cost. On the other hand, CSOs without a broad skill base can find it challenging to overcome organizational inertia and politics to deliver on that vision.