Offering regional and national programs, CIO (and CSO) events bring together some of the most respected names and thought leaders in information technology and security. Presented by CIOs and other senior level executives, these invitation-only programs offer timely topics and strong networking. Learn More »
Public Teleconferences
Join CIO Executive Council members and participate in the following live teleconferences:
* Planning for Succession:
Models for IT Leadership Development, June 23
* Change Leadership at General Growth Properties: A
Pathways Leadership Development Seminar, June 25
* Managing Change: Centralizing Your IT Organization
July 29
Apply today for a FREE subscription to CIO Magazine!
News Feature
Good Reasons to Hand Off Security to the CSO
April 15, 2004 — CIO — For 40 years there has been little reason for anything computer related to fall outside IT’s command. But that era is coming to an end. The evolving and increasingly important role of information security requires the background of a geek and the instincts of a cop. Information security crashes together two functions: traditional corporate security and IT. The ex-cops over in corporate security who watch the doors and suspicious behavior are using more and more technology to get their jobs done. And the stakes in an IT security breach have risen so high that IT people who know firewalls but can’t fathom the motives of a disgruntled employee are no longer able to protect their companies from what could be serious financial losses, extended network downtime and badly damaged relationships with customers.
So struggle over who gets information security is growing: IT, the traditional security group or a new function that is distinct from both groups. There is already clear evidence that IT is going to lose the fight-and more important, that it should. In an October 2003 CIO magazine survey, respondents who described themselves as "very confident" in their companies’ security were nearly twice as likely to have information security reporting outside of IT than those who described themselves as "not at all confident" in their security. The reasons for the confidence are clear: Confident companies suffered nearly six times fewer security events, had less downtime and fewer financial losses than the less confident companies. And they allotted more money toward security: The percentage of the IT budget that confident companies spent on security was double that of the not confident group (14 percent versus 7 percent), and they paid more attention to organizational reporting and security policy issues.
There are other reasons to move security. Some argue that keeping responsibility for policing security within IT can pose a potential conflict of interest for the CIO, who may be tempted to give short shrift to security concerns in favor of getting IT projects in on time and under budget. And catching hackers requires the ability to think like a criminal, something IT employees are not trained to do. Then there’s the workload issue: Don’t CIOs have enough on their plates these days without having to deal with the burgeoning and evolving challenge of worrying about all aspects of a company’s security? Having security responsibilities reside in the hands of a CSO or equivalent-and in particular someone who reports outside of IT-could be better for the CIO’s career and the health of the IT group as well as the overall organization. A CSO can focus full-time on security, unlike a CIO who is often pulled in several different directions.
Riverbed RiOS 4.0: Raising the Bar in Wide Area Data Services
Forrester Research: Defining a Mobile Enterprise Policy
Windows Mobile Users Capture Value from Mobile Applications
Mobility for the People- Ready Business
Mobility Solutions in Enterprise-Size Businesses: Quantifying the Return on Investment (IDC Study)
Symantec Data Center Foundation Solutions
Windows Mobile Series: Improving Mobile Security and Management Webcast
Solutions to the Toughest IT Challenges in Remote Offices Webcast
Get Control of Mobile Data (and More): Improve security and reduce costs with a mobility management platform (Video webcast)
The Universal Wireless Client: How to simplify mobility and reduce the cost of supporting mobile workers (Video webcast)
Advanced DNS and Traffic Management Solutions: The Keys to Enhancing and Securing your Enterprise Network
ProCurve Access Control Video
Resource Alerts
Get instant email notifications by topic when white papers, webcasts, and case studies are added to our library.
Lithuania: Attacks Focused on Hosting Company
Google Bows to Pressure, Adds 'Privacy' Link to Home Page
TSMC Says 2Q in Line Or Better After Major Customer Falls
Asustek to Offer Eee PC with Built-in 3G Wireless
Asustek's Latest Eee PCs Shipping in Asia in July
Lenovo Seeks Prestige in Price-Sensitive Market
Microsoft's Silverlight Draws Patent Suit
A Tale of Two City Wi-Fi's
Google Under Pressure As App Engine Requests Rise
Wall Street Beat: IT Slumps in First Half
How To Do Nearly Anything
Just the basics, please. Sometimes we all need a refresher or we need to make sure our team and our colleagues are all on the same page.
Over 25 tutorials on everything from business intelligence to virtualization.
