Everywhere I go, security is a top issue. In every interview, when I ask for the top five concerns, invariably security comes up. Plus in surveys of IT managers, it’s a consistent hot item. So what does it take to be a good CISO (Chief Information Security Officer)? Where should you be heading in your security plans? I found this article hits the bulls-eye and it’s worth a quick scan. I have taken some excerpts and included an interview, both of which answer these questions and give you roadmaps for your security plans.
In the piece, Gartner projects 65% of the largest companies will have a CISO. The role has changed “dramatically from a [sentry] role to being a business [enabler]…have business process defined…identity management processes defined…internal processes defined…diplomacy skills—the ability to partner with business units—very strong project management skills…business managers who are enabling business in a secure way versus those focused on security only.” The article goes on to say that the successful CISO has to manage traditional outside threats and securely expand the company’s perimeter, allow customers/partners to collaborate, and ensure employees are working securely and meeting regulatory compliance.
These views are in line with an audio interview I just finished with Rosaleen Citron, CEO of WhiteHat Inc., a top security firm. She also provides some good tips on security. Rushed for time? Then use the time index to move to the topics you are interested in.
If you have thoughts on this changing role in your company or effective security tips, we would like to hear them…
Security issues affect us all and unfortunately are ongoing. I found the interview with Rosaleen Citron informative and very timely.
Great interview, as it really ties into your and John's comments about the IT pro career changes. The role of a CSO is also changing and I think communication is the number one skill required for the role. It's getting to be more about governance, risk management, controls and less about technology. Having a CSO that can convey the why and how it will impact an organization is really important. I sometimes get the feeling that we have many situations that seem to reflect the emperor's new clothes story.
You are seeing a consistent theme and it’s about business and strategy too, integrating with technology in a secure way. Unfortunately I feel this still isn’t reflected at the board level in many organizations and this has got to change. In fact, recently I was told that this kind of discussion isn’t even on the radar map for boards. If it isn’t identified at the board level then c-level executives miss it too. Often I see executives talking about two systems: business and technology. However they are treated as silos and not given the attention they deserve as being very interdependent. And this ultimately affects the survival of companies. I noticed in Rosaleen’s interview that she talked in the language of c-level executives and that’s a good thing.
After our chat, I got this valuable link from Rosaleen about a good company for "Brand Protection." She talks about this essential topic for IT Managers in the interview. In her note to me: "I met these folks when I gave a keynote to the Canadian Government on ID theft and the threats to corporations. They impressed me with their knowledge of the issues. Here is their website: