The title chief security officer (CSO) was first used principally inside the information technology function to designate the person responsible for IT security. At many companies, the term CSO is still used in this way. Chief information security officer (CISO) is perhaps a more accurate description of this position, and today the CISO title is becoming more prevalent for leaders with an exclusive information security focus. But the distinction is not necessarily clean cut, as we’ll see in a moment. The CSO title is also used at some companies to describe the leader of the “corporate security” function, which includes the physical security and safety of employees, facilities, and assets. More commonly, this person holds a title such as vice president or director of corporate security. Historically, corporate security and information security have been handled by separate (and sometimes feuding) departments.