Which responsibility should NOT be expected of a chief security officer?

The role of a chief security officer (CSO) primarily focuses on the security aspects of an organization's information systems, which includes enforcing acceptable risk decisions, managing incident response, and implementing security policies. These responsibilities align with the CSO's mandate to protect an organization's assets, ensure compliance with regulations, and mitigate risks associated with information security.

However, controlling IT budgets is typically not a core responsibility of a CSO. While the CSO might have input on budget considerations related to security needs, such as investments in security technologies or staffing, budget control is usually managed by other roles, such as the chief information officer (CIO) or the finance department. Therefore, it is more accurate to say that managing the IT budget falls outside the primary responsibilities expected of a chief security officer.