There is a story that circulated soon after September 11 of how the CEO of a large US company summoned his head of corporate security and his head of IT security to discuss the firm's exposure to disaster. The CEO watched agog as the two executives greeted each other for the first time. Worse followed when it became clear that neither security professional had a coherent strategy let alone any semblance of coordination.
Global IT advisory firm Giga Information Group says it heard similar anecdotes again and again from business leaders who were dumbfounded that two internal departments, each charged to manage business risk, knew so little about the other. But if the management gurus are correct - and if present indications are any guide - this disconnect, like September 11 itself, will soon be part of history. Today, Americans and Europeans speak of the "new normal": that state of being in life, as in business, where nothing can be taken for granted, least of all the security of the human and infrastructure assets that drive all businesses, governments and countries.
It was once the case that the security of all an organisation's assets was the responsibility of one person, who usually came from a physical security background. Information security, such that it was, also belonged to this someone. They set up the accounts and assigned passwords. Then the Internet changed everything. As information technology became more interconnected and integral to an organisation's prosperity, its security was separated from the person who issued ID badges and ensured that fire regulations were observed. But the pendulum is swinging again. Steve Hunt, a vice president and the security research leader at Giga, says the idea of two security departments is understandable because physical security technologies require different expertise from IS technologies. Best practice in security now says that having isolated parts of an organisation monitoring particular pieces of risk is less effective than managing enterprise risk.
"In the past, business managers blissfully relegated technical risk management to specialised IT and corporate security teams," Hunt says, "while corporate security personnel focused on employee safety, crime prevention and physical risk management. IT security staff had their own interests, such as logical perimeter defences, password management, hacker prevention and Web site security. But after September 11, it seems common to hear security referred to in terms of business value and business process. For example, disaster preparedness, competitive espionage and cyberterrorism each impact the entire company, its shareholders, its employees and both sides of the security program."
It is increasingly the case that the one person - a very particular person - holds the brief for the security of everything the enterprise holds dear. Today's mantra is that risk management is as specialised and as vital as information management or financial management. Business continuity planning has brought the physical and IT security worlds closer together because management knows its business is just as susceptible to a flood, fire, theft or a bomb as it is to a hack, a computer failure or a rogue programmer. In the wrong hands, weapons of mass disruption are as scary as weapons of mass destruction. Continuous advances in technology and the realities of today's world have catapulted the security executive to the door of the boardroom alongside CIOs and CFOs. The chief security officer (CSO) has arrived.
- +
Ticked Off at Tick the Box Mentality 04 February, 2008 13:01:15
Does your executive search firm know the difference between an MIS manager and a CIO, and if it does, can it explain that difference to its corporate clients?Does your executive search firm know its MIS managers from its elbow? Does it even know the difference between an MIS manager and a CIO, and if it does, can it explain that difference to its corporate clients?
Read up on the latest ideas and technologies from companies that sell hardware, software and services. 
Discover how SOA can create smarter outcomes for your business.
Attend and learn:
- How SOA is helping leading companies to become more agile
- Where you should be applying SOA processes in your company
- The top SOA implementation mistakes to avoid
Click here for more information.
- +
CIO Live Podcast #79: Brent D Taylor, author of The Outsider's Edge: The Making of Self-Made Billionaires Part II 05 October, 2007 06:00:00
For his new book, The Outsider's Edge: The Making of Self-Made Billionaires, social researcher Brent D Taylor spent four years of intensive research investigating the psychological make-up and backgrounds of some of the world's richest men and women, including IT luminaries Bill Gates, Larry Ellison and Steve Jobs. Taylor discovered that, despite working in different industries and coming from different upbringings, they all have one thing in common -- they are all outsiders. - +
CIO Live Podcast #78: Brent D Taylor, author of The Outsider's Edge: The Making of Self-Made Billionaires 28 September, 2007 17:34:25
For his new book, The Outsider's Edge: The Making of Self-Made Billionaires, social researcher Brent D Taylor spent four years of intensive research investigating the psychological make-up and backgrounds of some of the world's richest men and women, including IT luminaries Bill Gates, Larry Ellison and Steve Jobs. Taylor discovered that, despite working in different industries and coming from different upbringings, they all have one thing in common -- they are all outsiders. - +
CIO Live Podcast #77: Panasonic Speeds Up Trans-Pacific File Transfers, Part III 21 September, 2007 07:00:00
Part three in our three-part special report from CIO's sister publication Network World in the US, as Paul Desmond reports from the Network World IT Roadmap Conference in Santa Clara, California. With development teams in the US and Japan, Panasonic needed a more efficient way to move very large files between the two locations. Iben Rodriguez, IT consultant for Panasonic Research and Development, explains how a storage-area network and virtual server technology helped speed up WAN performance. - +
CIO Live Podcast #76: Panasonic Speeds Up Trans-Pacific File Transfers, Part II 14 September, 2007 07:00:00
Part two in our three-part special report from CIO's sister publication Network World in the US, as Paul Desmond reports from the Network World IT Roadmap Conference in Santa Clara, California. With development teams in the US and Japan, Panasonic needed a more efficient way to move very large files between the two locations. Iben Rodriguez, IT consultant for Panasonic Research and Development, explains how a storage-area network and virtual server technology helped speed up WAN performance. - +
CIO Live Podcast #75: Panasonic Speeds Up Trans-Pacific File Transfers, Part I 07 September, 2007 07:00:05
Part one in our three-part special report from CIO's sister publication Network World in the US, as Paul Desmond reports from the Network World IT Roadmap Conference in Santa Clara, California. With development teams in the US and Japan, Panasonic needed a more efficient way to move very large files between the two locations. Iben Rodriguez, IT consultant for Panasonic Research and Development, explains how a storage-area network and virtual server technology helped speed up WAN performance.
- +
Chris Hoff on Virtualization and Cloud Computing 20 November, 2008 10:55:00
Chris Hoff, chief security architect for the systems and technology division at Unisys and an advisor on the Skybox Security customer advisory board, is one of the biggest critics of virtualization security out there. Not because it isn't important - but rather because it is vital and needs to mature rapidly. - +
Cybersecurity is focus of new start-up incubator 20 November, 2008 07:19:00
Texas uni announces the Institute for Cyber Security.The University of Texas at San Antonio Tuesday announced a technology incubator aimed at fostering IT security-based start-ups within the state. - +
Dilip Sarangan on Physical Security M&A 20 November, 2008 11:18:00
Dilip Sarangan tracks physical security companies for Frost & Sullivan. He expects the industry's "need to have" products to weather the economic storm well, with the big players (now including IBM and Cisco) looking for value-priced acquisitions. - +
International Challenges in PCI Security 20 November, 2008 09:15:00
In a country that's seen many regulatory compliance challenges this decade, the headaches of PCI security tend to be analyzed from a largely American perspective. - +
PCI council sharpens oversight of security auditors 19 November, 2008 10:53:00
Quality assurance plan targets security assessors and scanning vendorsThe PCI Security Standards Council Monday unveiled a plan to sharpen oversight of the hundreds of security-service providers now authorized to evaluate merchant networks under the organization's Payment Card Industry data standards.
PGP and Ponemon Institute Unveil Inaugural Australian Data Breach Study 2008 20 November, 2008 17:34:00
Symantec Cloud Services Transform Data Centre Operations Through Proactive Management 20 November, 2008 12:06:00
Verizon Business Offers Tips to Building a Successful Unified Communications and Collaboration Plan 20 November, 2008 12:04:00
AARNet Brings 4K Digital Cinema to Australia: First 4K HD Video Signal delivered into Australia by AARNet 20 November, 2008 12:02:00
NetApp Named 2008 Citrix Ready Solution of the Year by Citrix Systems 20 November, 2008 11:33:00
|
||
|
||
|
|
||
|
Email Archiving 101—Customer Case Study
Join Lee Benjamin, a Microsoft Exchange MVP and Ryan Shipkowski, network administrator for Matthews, to discuss the process and ROI of implementing an email archiving solution, with emphasis on a case study from Matthews International.
Buying Guides
Latest Products
