Offering regional and national programs, CIO (and CSO) events bring together some of the most respected names and thought leaders in information technology and security. Presented by CIOs and other senior level executives, these invitation-only programs offer timely topics and strong networking. Learn More »
Public Teleconferences
Join CIO Executive Council members and participate in the following live teleconferences:
* Planning for Succession:
Models for IT Leadership Development, June 23
* Change Leadership at General Growth Properties: A
Pathways Leadership Development Seminar, June 25
* Managing Change: Centralizing Your IT Organization
July 29
Apply today for a FREE subscription to CIO Magazine!
News Feature
Why CIOs Don't Want to Discuss Security
March 01, 2001 — CIO — When it comes to digital information security, CIOs seem to heed the advice of the World War II propaganda posters that read, "Loose Lips Sink Ships." Although security is on every CIO’s mind these days, it’s certainly not on their lips.
We contacted more than two dozen CIOs to speak with them about security. While many declined our requests for an interview, several spoke with us only on the condition of anonymity. As the CIO of a financial services company explained, "Neither I nor any of my peers would want to go on record as saying we’re concerned about it and know we have flaws," he says. "Nor would we want to say we’re not concerned about security, that we have everything in place and we are bulletproof. Either way, it would immediately set us up as a target and a challenge for hackers or attacks." n Security is the one critical IT issue corporate America isn’t talking about for fear that anything that is said could be construed as an invitation to attack. Experts say this conspiracy of silence only aids those responsible for digital security breaches. n What’s the best course of action?
Acknowledge the problem, pay attention to security threats (both known and unknown), and if your company experiences a security breach, don’t treat it like a dirty little secret. Talking about it internally and sharing information externally with other IT executives and law enforcement authorities will help everyone better understand security threats and improve prevention efforts.
The fear of attack is real and valid. Every day there are new reports of security breaches. The list of companies that publicly suffered attacks last year is a literal A to Z of networked America?Amazon.com, America Online, AT&T, BellSouth, Bloomberg, the CIA, De Beers, E-Trade Securities, the FBI, Lucent Technologies, Microsoft, Qualcomm, The Republican National Committee, Slashdot, Sony Corp. of America, the University of Washington Medical Center, Verizon, Western Union and Yahoo.
These are just some of the publicly acknowledged attacks, say computer security professionals. In a recent survey by the Computer Security Institute, 90 percent of information security managers have detected breaches at their organizations. Despite this alarm, upper management?fearing bad publicity, shareholder wrath and consumer mistrust?has erected a firewall of silence around the double-headed beast of security and privacy. "Nobody wants to admit they’ve had some level of intrusion or break-in, but I can’t imagine that there’s anybody out there who hasn’t had an unauthorized access or attempt," says the executive vice president of IT at a financial services corporation. Only a handful of the companies that have had breached security or compromised data ever report it to law enforcement officials, say the FBI and security consultants.
Encryption Made Easy: The Advantages of Identity Based Encryption
Messaging Security Goes Virtual
Regulations Shift Focus on Outbound Email Security
New 2008 Report: Outbound Email and Data Loss Prevention in Today"s Enterprise
Riverbed RiOS 4.0: Raising the Bar in Wide Area Data Services
Forrester Research: Defining a Mobile Enterprise Policy
The Great Email Security Debate: Appliances, SaaS, or Virtual?
Windows Mobile Series: Improving Mobile Security and Management Webcast
Solutions to the Toughest IT Challenges in Remote Offices Webcast
Get Control of Mobile Data (and More): Improve security and reduce costs with a mobility management platform (Video webcast)
The Universal Wireless Client: How to simplify mobility and reduce the cost of supporting mobile workers (Video webcast)
Advanced DNS and Traffic Management Solutions: The Keys to Enhancing and Securing your Enterprise Network
Resource Alerts
Get instant email notifications by topic when white papers, webcasts, and case studies are added to our library.
China Aims to Protect Olympic Content From Pirates
Samsung Puts 128G-Byte SSDs Into Mass Production
Symantec Warns of New Word Attack
VMware Replaces CEO, Shares Plummet
The Internet Gets a Patch, As DNS Bug is Fixed
Groups: Targeted Ad Program May Be Illegal
US Senate Resumes Debate on Surveillance Bill
Google Launches Blog for Sub-Sahara Africa
Adobe Readying New Mashup Tool for Business Users
Celtel Begins Financial Compensation Program
How To Do Nearly Anything
Just the basics, please. Sometimes we all need a refresher or we need to make sure our team and our colleagues are all on the same page.
Over 25 tutorials on everything from business intelligence to virtualization.
