The Integrity News
Vol. XIII No. 8 ISSN 1081-2717
April 22, 2004
April 15, 2004 ( pgs. 48-54 )
This article describes a trend that shows that companies
are increasingly moving the job of policing both physical
and information security into the hands of a Chief Security
Officer (CSO).
"Ambassador -- sells security to the organization and
creates urgency.
Negotiator -- gets budget resources from all functions
in the company.
Change Agent -- helps create and sell a plan for building
better security.
Troubleshooter -- fixes unanticipated problems.
Enforcer -- deals with people who will insist on being part
of the problem rather than the solution."
The evolving and increasingly important role of information
security requires an IT background and the instincts of law
enforcement. Information security crashes together two
functions: traditional corporate security and IT. Corporate
security is using more and more technology to get it's job
done. And, the stakes in an IT security breach have risen
so high that IT people may no longer be able to protect their
companies from what could be serious financial losses,
extended network down-time, and badly damaged relationships
with customers.
"You've lost track of what you have in the infrastructure.
The company has grown a lot or changed its business.
Your customers demand extra privacy and security.
You weren't regulated and now you are, or the regulations
have changed.
Your competitors start using their success with security
as a competitive weapon against you.
The company doesn't have an explicit written security
policy or can't enforce the one it has.
Outsourcing deals haven't been examined for security
issues.
Data has not been segmented into more secure and
less secure.
Every manager and employee doesn't believe that
security risk is real, close by, and imminent.
A major security incident has happened, and you need
to rebuild trust with customers."
While the trend above is clear and growing,
"there is no formula for making the decision.
It depends on factors like culture, governance
structure, size (and size of customer base),
sensitivity of corporate data, and demands of
customers."
To discuss improving your security, feel free to
call The Integrity
Center, Inc. at (972) 484-6140.
Helping you with your HR Automation and your Risk Management is what we do.
|
|