Reader ROI
- Learn how to build a team to handle information security
- Find out how to hire skilled security professionals
- See how to use your IT organisation as a security staffing resource
Last year, David Saul, executive vice president and CIO of commercial insurer Zurich North America, pulled a dozen IT staffers away from their daily tasks to combat a virus that was attacking the company's firewalls. They did a good job limiting the damage, but it took two days - two days in which other work did not get done. Next time, Saul hopes to be ready to respond before a threat surfaces. "We want to be in a safety zone that doesn't require that kind of immediate mobilisation," he says.
That's why Saul increased his full-time information-security staff from 12 to 18 people, mostly by training, reorganising and reassigning IT people to security. "Good security equals prevention, detection and reaction," says Saul. "If you're not going to staff to make the process work, then your exposure to security breaches is higher."
That exposure is an increasingly widespread problem. In a 2001 survey of security practitioners conducted by the Computer Security Institute and the FBI, 85 per cent of respondents (primarily from large corporations and government agencies) had detected computer security breaches in the previous year, and 64 per cent of those respondents acknowledged suffering financial losses.
In fact, there's no limit to the damage evildoers can inflict. In this environment, many people believe that it's sheer madness to have an IT staff handling information security on an ad hoc basis. "It's a hard-and-fast rule, in my opinion," says John Hartmann, vice president of security and corporate services of Cardinal Health, a $US47 billion health-services provider. "If the two roles are shared, business priorities will drive security to a lower priority."
Tim Mitchell, CIO of Sarnoff, an electronic, biomedical and information technologies company, disputes that, saying that his IT staff handles security very well, thank you. But he does agree that people charged with security responsibility must be organised into a team - as his are - carrying out a coherent security program that sets out specific responsibilities and requires regular meetings.
A security team needs to set policies and procedures, assess vulnerability, detect intrusion, respond to incidents and manage security architecture. And perhaps most important of all, it needs a leader.
Finding skilled security professionals to carry out this mission can be tough, and the alternative - training in-house IT staffers who are security novices - can be costly and time-consuming. Outsourcing security is another option. But whichever route you choose, here are some ways to enhance your chances of success.
Read up on the latest ideas and technologies from companies that sell hardware, software and services. Achieving the impossible: Unlimited application scalability
Solve Exchange Mailbox Storage Issues Once and for All
How to improve employee productivity in small and medium businesses
IT Service Management Needs and Adoption Trends: An Analysis of a Global Survey of IT Executives
CRM your salespeople will love
Everything you need to know about email and web security (but were afraid to ask)
Taking On Demand CRM Integration to the Next Level
Email Archiving 101—Customer Case Study
- White PaperJoin industry expert Martin Tuip to discover best practice strategy for the archival and removal of .PST files using email archiving. Learn how to ensure long-term email records are there when needed, and reduce the risk to your business and clients.
- White PaperLearn to tie virtualized computing to virtualized storage, to offer a dynamic set of capabilities within the data centre and create improved performance and system reliability. Discover how best to utilize EMC Celerra in a VMware ESX environment.
- White PaperDiscover how the integration of disparate technologies in your company can lead to greater user productivity, improved management, lower costs, higher efficiency, and easier risk mitigation.
Discover how SOA can create smarter outcomes for your business.
Attend and learn:
- How SOA is helping leading companies to become more agile
- Where you should be applying SOA processes in your company
- The top SOA implementation mistakes to avoid
Click here for more information.
- +
CIO Live Podcast #79: Brent D Taylor, author of The Outsider's Edge: The Making of Self-Made Billionaires Part II 05 October, 2007 06:00:00
For his new book, The Outsider's Edge: The Making of Self-Made Billionaires, social researcher Brent D Taylor spent four years of intensive research investigating the psychological make-up and backgrounds of some of the world's richest men and women, including IT luminaries Bill Gates, Larry Ellison and Steve Jobs. Taylor discovered that, despite working in different industries and coming from different upbringings, they all have one thing in common -- they are all outsiders. - +
CIO Live Podcast #78: Brent D Taylor, author of The Outsider's Edge: The Making of Self-Made Billionaires 28 September, 2007 17:34:25
For his new book, The Outsider's Edge: The Making of Self-Made Billionaires, social researcher Brent D Taylor spent four years of intensive research investigating the psychological make-up and backgrounds of some of the world's richest men and women, including IT luminaries Bill Gates, Larry Ellison and Steve Jobs. Taylor discovered that, despite working in different industries and coming from different upbringings, they all have one thing in common -- they are all outsiders. - +
CIO Live Podcast #77: Panasonic Speeds Up Trans-Pacific File Transfers, Part III 21 September, 2007 07:00:00
Part three in our three-part special report from CIO's sister publication Network World in the US, as Paul Desmond reports from the Network World IT Roadmap Conference in Santa Clara, California. With development teams in the US and Japan, Panasonic needed a more efficient way to move very large files between the two locations. Iben Rodriguez, IT consultant for Panasonic Research and Development, explains how a storage-area network and virtual server technology helped speed up WAN performance. - +
CIO Live Podcast #76: Panasonic Speeds Up Trans-Pacific File Transfers, Part II 14 September, 2007 07:00:00
Part two in our three-part special report from CIO's sister publication Network World in the US, as Paul Desmond reports from the Network World IT Roadmap Conference in Santa Clara, California. With development teams in the US and Japan, Panasonic needed a more efficient way to move very large files between the two locations. Iben Rodriguez, IT consultant for Panasonic Research and Development, explains how a storage-area network and virtual server technology helped speed up WAN performance. - +
CIO Live Podcast #75: Panasonic Speeds Up Trans-Pacific File Transfers, Part I 07 September, 2007 07:00:05
Part one in our three-part special report from CIO's sister publication Network World in the US, as Paul Desmond reports from the Network World IT Roadmap Conference in Santa Clara, California. With development teams in the US and Japan, Panasonic needed a more efficient way to move very large files between the two locations. Iben Rodriguez, IT consultant for Panasonic Research and Development, explains how a storage-area network and virtual server technology helped speed up WAN performance.
- +
SOA What? Why You Need SOA Governance Framework 04 December, 2008 08:32:00
Adopting services oriented architecture (SOA) in your enterprise without thinking through IT governance can cause something like the Gold Rush in the 1800s; extreme rates of growth and minimal law and order which produce unexpected outcomes. - +
The Myth of Cloud Computing 04 December, 2008 08:25:00
Why the rapid spread of virtual technology is becoming a security riskWhy the rapid spread of virtual technology is becoming a security risk. - +
Who Pushed Vendors Toward Better Security? 04 December, 2008 09:38:00
Hint: It had something to do with pressure from customers and government agencies, writes Oracle CSO Mary Ann DavidsonHint: It had something to do with pressure from customers and government agencies, writes Oracle CSO Mary Ann Davidson. - +
CPO & CISO: A Comprehensive Approach to Information 04 December, 2008 08:42:00
GE CPO Nuala O'Connor Kelly advocates greater CPO/CISO cooperation to place the right value on information assets.GE CPO Nuala O'Connor Kelly advocates greater CPO/CISO cooperation to place the right value on information assets. - +
Virtually every Windows PC at risk, says Secunia 04 December, 2008 08:00:00
Almost all PCs scanned by patch tool have an unpatched app; 46% have 11-plus.More than 98% of Windows computers harbor at least one unpatched application, and nearly half contain 11 or more programs at risk from attack, a Danish security company said Wednesday.
Fortinet November Threatscape Report Shows Calm Before Holiday Storm 05 December, 2008 16:00:00
Epicor® Cited as an Order Management Solutions Leader by Independent Research Firm 05 December, 2008 15:52:00
F-Secure: Growth In Internet Crime Calls For Growth In Punishment 05 December, 2008 13:00:00
International researchers gather in Sydney to preview the clever web 05 December, 2008 09:48:00
Borderless corporate networks to shift focus to secure content management in Australia in 2009 04 December, 2008 16:06:00
|
||
|
||
|
|
||
|
Data grids and service-oriented architecture
When choosing an SOA strategy, corporations must ensure data availability, reliability, performance and scalability. A data grid infrastructure, built with clustered caching provides a framework for improved data access that can create a competitive edge and sustain customer loyalty. Read on to discover how this can be created within your organisation.
Buying Guides
Latest Products
