Offering regional and national programs, CIO (and CSO) events bring together some of the most respected names and thought leaders in information technology and security. Presented by CIOs and other senior level executives, these invitation-only programs offer timely topics and strong networking. Learn More »

CIO Executive Council

A Peer-Advisory Service and Professional Association for CIOs

Webcast: In the Google Apps Cloud: How to Achieve Your Business Objectives

Dec 3rd, '09, 1 - 2 pm US/Eastern (GMT-5)

Join Council member Brent Hoag, Director, Global IT, at JohnsonDiversey, as he discusses the adoption of Google Apps which has helped meet four corporate goals; sustainability, simplification, increased employee productivity and global collaboration.

Webcast: Collaboration Initiatives: Benchmarks & Best Practices

Dec 15th, '09, 4 - 5 pm US/Eastern (GMT-5)

Join Council members Ruth Thorpe, VP & CIO at the U.S. Pharmaceutical Operations of Sanofi-Aventis, and Gary Kuyper, CIO at Bethany Christian Services, as they speak about their collaboration initiatives and experiences in how and why they chose the social networking and collaboration tools they are using and their business goals for collaboration, and facing culture change challenges.

Data Overview: Collaboration Initiatives Field Guide: Benchmarks & Best Practices

This appendix to the Council Field Guide provides an analysis which discusses benchmarks for collaboration IT implementation costs, adoption rates and payoffs. The overview identifies top IT and business goals and satisfaction rates for collaboration initiatives as well as best practices and lessons learned for implementing collaboration IT.

More / Register »

Learn more about the CIO Executive Council »

RESOURCE CENTER

buy a link »

News Feature

Acceptable Risk

?I want every state employee to have access to the Internet.?So went Secretary of State Colin Powell?s battle cry for ...

Leave a comment

By Sarah D. Scalet

January 15, 2002 — CIO —

?I want every state employee to have access to the Internet.?

So went Secretary of State Colin Powell?s battle cry for improving the morale and efficiency of his troops upon taking office in early 2001. It may seem like a retro goal for the year 2002, but the U.S. Department of State has always had one good excuse for not having cutting-edge technology: security. In the late 1990s, the department?s OpenNet platform gave 30,000 users around the world access to a department intranet and e-mail but not to the Internet. The department was following a strict policy of risk avoidance, but now officials say it?s time for a change.

?Risk avoidance is to stick your head in the sand and say, ?We?ll be safe if we never use the Internet,?? says State Department CIO Fernando Burbano. ?We?re doing risk management now. We know how to add the additional security and how to tighten things up.? That means penetration testing in which white-hat hackers (the good guys) look for holes in the system. It also means that users won?t have all the risky bells and whistles most businesspeople enjoy, such as the ability to run ActiveX and JavaScript on their Web browsers.

Thanks to the $110 million that Powell has earmarked to fund Internet access, users will no longer have to jostle for Internet time on standalone computers. Instead of shuttling between three computers, they?ll use only two: one for classified information, and another for unclassified and ?sensitive but unclassified? information. (Well, sort of. Many users have one monitor and keyboard and use an electronic switch to toggle between classified and unclassified CPUs. The classified hard drive is removed and locked in a safe while not in use.)

Burbano says that by adding on to the OpenNet platform rather than supporting a third computer for every user, the department slashed its price per seat from $5,400 to less than $1,000.

The attitude adjustment from one of risk avoidance to risk management will be a big leap for some?especially considering the newly urgent threat of cyberterrorism, plus the department?s history of embarrassing security lapses. In 2000, the State Department had to remove from its systems software written by a citizen of the former Soviet Union, and a laptop containing classified information disappeared from headquarters.

In spite of the danger and spotty track record, security experts say the department needs to start dealing with security issues rather than just trying to avoid them. ?State needs Internet connectivity with the world to do its job effectively,? says Dorothy Denning, author of Information Warfare and Security and a professor of computer science at Georgetown University. ?You can?t be a participant in today?s society without opening yourself up to security risks.?