IT DRILLDOWN
Virtualization
 
NEWSLETTERS
 

CIO.com updates, insights and advice on technology, management and your career.

 Advice and Opinion

 CIO Consumer IT

 CIO Leader

 CIO Enterprise

 CIO Insider

More Newsletters | Edit Profile
 

RSS Feeds »

 
 
LEADERSHIP
 

CIO Executive Programs

The Leader in Face-to-Face Education for Senior Executives

Offering regional and national programs, CIO (and CSO) events bring together some of the most respected names and thought leaders in information technology and security. Presented by CIOs and other senior level executives, these invitation-only programs offer timely topics and strong networking. Learn More »

 

CIO Executive Council

Public Teleconferences

Join CIO Executive Council members and participate in the following live teleconferences:

* Planning for Succession:
Models for IT Leadership Development, June 23
 * Youth in IT: How CIOs Can Engage the Next Generation
 June 10
 * Change Leadership at General Growth Properties: A
Pathways Leadership Development Seminar, June 25

More / Register »

Learn more about the CIO Executive Council »



 
 
RESOURCE CENTER
 

buy a link »

Ads by TechWords
 
 
SUBSCRIBE TO CIO
 

Are you involved in setting the direction for your company's IT budget or strategy?


Apply today for a FREE subscription to CIO Magazine!

Subscription Services »

Reprints »

 
 

News Feature

 

Risk Management: 12 Keys for Locking Up Tight

 

By Angela Genusa

March 01, 2001CIO — In a perfect world, a bit of common sense and a dash of due diligence would protect us from hackers, saboteurs and the common cold. Well, the world isn’t perfect, and we know we can never be completely secure. There is a measure of safety to be gained by following a formula of threat education, security breach prevention and risk mitigation. n "There’s no single answer," says Bruce Schneier, CTO of security consultancy Counterpane Internet Security in San Jose, Calif., and the author of Secrets & Lies: Digital Security in a Networked World (Wiley, John & Sons, 2000). "I can’t say, ’Do these seven steps and you’ll be magically secure.’" Although every organization’s security infrastructure must be unique to be effective, Schneier and other experts point to the following essential ingredients. Pay close attention to these basic security issues.

1 Establish Accountability

Companies have traditionally relegated security to IS, viewing it merely as an administrative function and expense. However, security can no longer be a closeted IT function, says Michael Assante, cofounder and chief intelligence officer of LogiKeep, a security consultancy based in Dublin, Ohio. "It’s got to be a boardroom issue and not a backroom issue. It needs to become part of a business decision-making process, looking at system survival and business continuation issues. Accountability should fall on the shoulders of the business decision makers."

As the liaisons between operations and management personnel, CIOs are uniquely positioned to champion IT security issues in their organizations, according to John S. Tritak, director of the Critical Infrastructure Assurance Office with the U.S. government. CIOs and other senior IT executives need to cultivate and maintain close relationships with senior operations, telecommunications, physical security, human resources and other executives in their organizations to develop and implement a comprehensive IT security plan.

CIOs must have the authority and the autonomy to immediately address security issues or react to breaches quickly, says the executive vice president of IT at a Fortune 500 financial services corporation. "You can’t create a ton of bureaucracy that makes it impossible for you to act or quickly react," he says. "It’s called accountability."

Some companies are hiring vice presidents of security and chief information security officers (see "Someone to Watch Over You," Page 82) to put policy, processes and methodology in place. Some are hiring chief privacy officers (see "Oh No, Not Another O!" CIO, Jan. 15, 2001) to oversee privacy issues. However, these positions must be more than window dressing, security experts say.

 
 
 
 
 
 
Loading...
 
 
ABCs
 

How To Do Nearly Anything

Just the basics, please. Sometimes we all need a refresher or we need to make sure our team and our colleagues are all on the same page.

Over 25 tutorials on everything from business intelligence to virtualization.

 
 
FEATURED SPONSORS
 
 
 
SPONSORED LINKS
 

Case Study: 24 Hour Fitness turned to SEPATON

BPM Done Right: 15 Ways to Succeed Where Others have Failed

3 Reasons to Invest in Integration Technology Now

Survival of the Fittest: Disaster Recovery Design for the Data Center

Building a Foundation for Pragmatic Service Management White Paper

Strategies for centralizing data backup

The Best IT Strategy for a Company with Global Operations

The PCI Data Security Standard

Tuning ERP and the Supply Chain for Profitable Growth

How Plug-in Integration with Global Suppliers Quickly Multiplies the Value of SAP Investments

White Paper: Transportation is a prime opportunity to reduce costs

Riverbed RiOS 4.0: Raising the Bar in Wide Area Data Services

A Solution for Remote Data Replication

2008 Annual Google Communications Intelligence Report

This white paper highlights best-of-breed solutions being built on the Microsoft platform

IT Service Management: Metrics That Matter

TCO Comparison Report: Reducing Costs in the Data Center

Guidelines for Energy Efficient Data Centers

Drive More Effective Business Processes with SOA

Fuel the Responsive Enterprise Through Oracle Fusion Middleware

Today's Enterprise Workforces: Remote But Not Isolated

E-Discovery: Why Archiving Your Web Presence is a Business Necessity

Webcast: Learn how organizations are overcoming productivity declines

Uniting IT with Business through ITSM

Unified IT Strategy Playbook - A Must Have!

The Forrester Wave & Trade: Enterprise Open Systems Virtual Tape Libraries

The New Growth Paragidm: Multi-Enterprise SOA

Enterprise Service Bus: A Definition

Helping IT Become a Service Provider White Paper

Extending PCI Compliance to the Mobile Workforce

Wide-area data services enable todays global enterprise

Tripwire PCI DSS Solutions: Automated, Continuous Compliance

ITCi White Paper: Challenges and Opportunities of PCI

Compliance by the numbers- addressing requirements with online document management and collaboration technology

White Paper: IDC Analysts Discuss Open Text

Business Transaction Management: The Evolution of IT Management

Case Study: CitiStreet achieves complete disaster recovery protection

Webcast: Learn how Accenture, Avanade and Microsoft are helping organizations overcome productivity declines

Comparing Google and Other Leading Messaging Security Solutions

Secure your virtual and physical environments with the same software.

Research Report: The State of Data Protection in Today's Enterprise

A Must Read on Data Protection Strategies!

Taneja Group Report - The Greening of the Data Center

Balance Your Innovation and Efficiency Platforms for Competitive Advantage and Responsiveness

LIVE Webcast - The Mainframe is Dead...Long Live the Mainframe?

Putting Windows Server and Citrix to Work in the Enterprise

Knowledge Management Best Practices: Get Proven Tips and Techniques

Oracle 9i Database Upgrade Management Services - Upgrade with Confidence

How to Support Your IT Environment - Important Factors

Learn how to communicate the business value of IT