What Would You Do As Chief Information Security Officer?

Four CSOs share insights into what's involved in being the security guardians of their enterprises

Becoming the chief information security officer (CISO) of a corporation makes you a strategic IT advisor to business management, the chief information officer, and the rest of the information technology staff. Just as no two companies are alike, neither is the job of CISO — or alternatively, "chief security officer", a title that might include physical security as well. The four security professionals who share their priorities with us make it clear there's nothing cookie-cutter about the top IT security job.


Name: Beth Cannon

Title: Chief security officer at San Francisco-based merchant bank Thomas Weisel Partners

Installed base: 700 employees using servers, desktop and laptop computers, plus 450 handhelds, mainly BlackBerry

Broad concerns about regulatory compliance were instrumental in creating the chief security officer job at US merchant bank Thomas Weisel Partners back in 2004.

"Among the drivers for the CSO job were the disaster-recovery rules coming into play from the Securities and Exchange Commission (SEC) after 9/11," says Beth Cannon, the first-ever CSO there. "We also needed to look at Sarbanes-Oxley because we were planning to go public."

Thomas Weisel Partners decided to carve out the job in order to have a point person acting as central liaison between the legal department, IT and upper management in crafting IT security policy.

Cannon, who reports to the CIO, said she has made it a priority to have telecom providers disclose how lines to the bank's corporate clients are routed to avoid an over-concentration in one area — one horrible lesson learned after the Sept. 11 terrorist act on New York — and is looking at VoIP as an option for some services to users.

While it's not always easy to build unity internally around security policies, one advantage, she says, is that her eight-year tenure at the firm — she was the chief technology officer there before accepting the position as CSO — meant "I've built a lot of relationships."

This helped in the situation when she had to sit down with the legal department and IT to hammer out security policies she was advocating for the hundreds of BlackBerries and laptops that employees take with them for mobile computing.

While sometimes employees baulk at policies such as password time-outs or encryption that may add complexity, says Cannon, it's easier to help change a pattern of computer behaviour when the discussion occurs between people who personally know each other. "The relationship really becomes the key," said Cannon.
