The digital economy has become the focus of economic development in various countries. The COVID-19 epidemic has prompted all industries to invest in digital transformation. However, the rapid changes in information and communication technology, together with the multiple applications of data have also aggravated information security issues. Information security risk has become a major challenge for current business operations, but its management involves many levels and considerations. Facing the threats brought by information security risks to enterprises, establishing a management mechanism that adequately responds to relevant risks has become an important task in dealing with information security risk issues. In particular, whether and how an enterprise can link information security risks with business operations by setting up a "Chief Information Security Officer" to fully judge the actual scope and degree of impact of information security incidents on business operations. The Federal Information Security Management Act of the United States emphasizes the importance of the "Information Security Officer", while leading major countries also formulate similar regulations. Taiwan's Cyber Security Management Act is the first to clearly stipulate the establishment requirements of the "Chief Information Security Officer" at the legal level. At the level of non-government agencies, the Financial Supervisory Commission proposed and expanded the requirements for setting up chief information security officers in the "Financial Security Action Plan" and "Financial Security Action Plan 2.0", as well as adopted a phased and hierarchical approach to promote it. When the issue of personal data protection is taken seriously and leads to discussions on whether to set up a privacy officer/personal data protection officer, our country can also refer to the requirements for the establishment of an information security officer, and gradually promote this mechanism in a hierarchical manner. The establishment of an information security officer will gradually become an indispensable item in the operation of each enterprise, assisting enterprises to fully develop while effectively accommdating the management needs of information security risks that arise during the development process.