Security officers want business visibility, but will CIOs let them have it?

posted onAugust 10, 2001
by hitbsecnews

Any CEO who reads the newspaper knows that information security is anything but secure. Last week, the headlines were especially ominous, with the Code Red and Sircam worms threatening to gobble up the Internet, and reports that AT&T Wireless and Verizon Wireless were investigating a security breach that may have exposed the Social Security numbers of hundreds of customers. You'd better believe that CEOs are asking tough questions about security. But who should answer them-the CIO, or an executive focused on security?

For the past decade, CIOs (and CIO magazine) have been talking about alignment: about reporting directly to the CEO, about playing a business role, about speaking the same language as other executives. Bend your ear to the information security community, and you'll hear the same kind of rumblings....

"Security is a very broad discipline; you have to be all over the map," says Micki Krause, vice president of the board of directors for the International Information Systems Security Certification Consortium, or (ISC)2, a nonprofit organization that trains and certifies security professionals.

"You need to look beyond technical proficiency," she continues, describing the skills she needs as director of security at PacifiCare Health Systems in Santa Ana, Calif. "A lot of information security is marketing and sales. For a successful implementation of a security program, [the security officer needs] to solicit buy-in from all employees up to senior management, and that takes business acumen and an ability to translate technical requirements into business enablers. ? As technology evolves, security becomes increasingly more visible and critical, thereby organizations at a senior management level will increasingly understand the importance of the security function."

Sound familiar? Just replace the word "security" with "IT."

Krause reports to PacifiCare's CIO. But in a growing number of cases, security is being given a more prominent spot in the organization. Korn/Ferry's Jim Bock, a recruiter who specializes in IT and information security placements, has noticed that more chief security officers are starting to report directly to the CEO, on a peer level to the CIO. "It depends on the level of importance a company places on security," Bock explains.

Click here to continue reading this article over at CIO.COM.

Source

Tags

Industry News

You May Also Like

Other Articles In This Section

Recent News

Wednesday, May 8th

Chinese Hackers Deployed Backdoor Quintet to Down MITRE
Apple announces M4 with more CPU cores and AI focus
Boeing says workers skipped required tests on 787 but recorded work as completed
Ransomware mastermind LockBitSupp has been ID’d
OpenAI’s flawed plan to flag deepfakes ahead of 2024 elections

Tuesday, May 7th

Indian police adopt facial recognition despite risk of massive data breaches
Cybersecurity Workforce Sustainability Has a Problem
New Cuckoo macOS malware can take over all Macs and steals your passwords too
Apple’s iPhone Spyware Problem Is Getting Worse
Tesla announces fourth round of layoffs in four weeks
New Microsoft AI model may challenge GPT-4 and Google Gemini
Novel attack against virtually all VPN apps neuters their entire purpose
Hackers discover how to reprogram NES Tetris from within the game

Monday, May 6th

NASA hasn’t landed on the Moon in decades—China just sent its third in six years
Counterfeit Cisco gear ended up in US military bases, used in combat operations
Microsoft plans to lock down Windows DNS like never before. Here’s how.
These dangerous scammers don’t even bother to hide their crimes

Friday, May 3rd

Iranian state-backed cyber spies continue to impersonate media brands, think tanks
Malware attacks on Docker Hub spread millions of malicious repositories
Want to Buy a Decommissioned Supercomputer? Here’s Your Chance
Maximum-severity GitLab flaw allowing account hijacking under active exploitation
Would You Still Use Google if It Didn't Pay Apple $20 Billion to Get on Your iPhone?

Thursday, May 2nd

Nvidia's flagship gaming GPU can crack complex passwords in under an hour
The US Government Is Asking Big Tech to Promise Better Cybersecurity
Email reveals Microsoft's rushed decision to invest in OpenAI
Anthropic releases Claude AI chatbot iOS app
Hacker free-for-all fights for control of home and office routers everywhere

Wednesday, May 1st

Two giants in the satellite telecom industry join forces to counter Starlink
The Dangerous Rise of GPS Attacks
China Has a Controversial Plan for Brain-Computer Interfaces
DEA to reclassify marijuana as a lower-risk drug, reports say

Tuesday, April 30th

Tesla Partners with Baidu for Full Self-Driving Rollout in China
UK becomes first country to ban default passwords on IoT devices
Hackers try to exploit WordPress plugin vulnerability that’s as severe as it gets
Apple must open iPadOS to sideloading within 6 months, EU says