Project Management Newsletter
 
NEWSLETTERS
 

CIO.com updates, insights and advice on technology, management and your career.

 CIO Project Management
 CIO Careers
 CIO Outsourcing
 CIO Leader
More Newsletters | Edit Profile
 
RSS Feeds »
 
 
LEADERSHIP
 
CIO Executive Programs
The Leader in Face-to-Face Education for Senior Executives

Offering regional and national programs, CIO (and CSO) events bring together some of the most respected names and thought leaders in information technology and security. Presented by CIOs and other senior level executives, these invitation-only programs offer timely topics and strong networking. Learn More »

 
CIO Executive Council
A Peer-Advisory Service and Professional Association for CIOs

Turn Geeks into Leaders

June 17, 11:30 AM - 12:30 PM U.S./ET (GMT-4)

Larry Bonfante, CIO of the U.S. Tennis Association, will discuss the skills and approaches that your rising IT leaders must learn to be effective in an executive capacity.

How to Handle Your New CEO: Managing Turnover at the Top

June 18, 11:00 AM - 12:00 PM U.S./Eastern (GMT-4)

Turbulent times have increased turnover at the top. Find out what Council CIOs have done to "break in" new CEOs—build relationships, set expectations, educate on the role of IT.

Mid-Market CIO Panel: Tips and Techniques for Improving Vendor Relationships

July 15, 4:00 PM - 5:00 PM U.S./Eastern (GMT-4)

We'll highlight relationship priorities and best practices identified in a Council study, and we'll interact with a CIO panel on the approaches they've used to improve strategic vendor partnerships.

Executive Competencies Assessment Tool

Assess Your Business Leadership Skills with the Council's new benchmarking tool. Rate yourself in change leadership, strategy, customer focus and more.

More / Register »

Learn more about the CIO Executive Council »



 
 
RESOURCE CENTER
 

buy a link »

Ads by TechWords
 
 
SUBSCRIBE TO CIO
 
Are you involved in setting the direction for your company's IT budget or strategy?

Apply today for a FREE subscription to CIO Magazine!

Subscription Services »
Reprints »

 
 
News Feature
 

How to Staff Up for Security

Last year, David Saul, executive vice president and CIO of commercial insurer Zurich North America, pulled a dozen IT staffers ...

 

By Eric Berkman

May 15, 2002CIO

Last year, David Saul, executive vice president and CIO of commercial insurer Zurich North America, pulled a dozen IT staffers away from their daily tasks to combat a virus that was attacking the company’s firewalls. They did a good job limiting the damage, but it took two days?two days in which other work did not get done. Next time, Saul hopes to be ready to respond before a threat surfaces. "We want to be in a safety zone that doesn’t require that kind of immediate mobilization," he says.

That’s why Saul increased his full-time information-security staff from 12 to 18 people, mostly by training, reorganizing and reassigning IT people to security. "Good security equals prevention, detection and reaction," says Saul, who is based in Schaumburg, Ill. "If you’re not going to staff to make the process work, then your exposure to security breaches is higher."

That exposure is an increasingly widespread problem. In a 2001 survey of security practitioners conducted by the Computer Security Institute and the FBI, 85 percent of respondents (primarily from large corporations and government agencies) had detected computer security breaches in the previous year, and 64 percent of those respondents acknowledged suffering financial losses.

In fact, there’s no limit to the damage evildoers can inflict. Sept. 11 proved that. In this environment, many people believe that it’s sheer madness to have an IT staff handling information security on an ad hoc basis. "It’s a hard-and-fast rule, in my opinion," says John Hartmann, vice president of security and corporate services of Cardinal Health, a $47 billion health-services provider in Dublin, Ohio. "If the two roles are shared, business priorities will drive security to a lower priority."

Tim Mitchell, CIO of Sarnoff, an electronic, biomedical and information technologies company in Princeton, N.J., disputes that, saying that his IT staff handles security very well, thank you. But he does agree that people charged with security responsibility must be organized into a team?as his are?carrying out a coherent security program that sets out specific responsibilities and requires regular meetings.

A security team needs to set policies and procedures, assess vulnerability, detect intrusion, respond to incidents and manage security architecture. And perhaps most important of all, it needs a leader.

Finding skilled security professionals to carry out this mission can be tough, and the alternative?training in-house IT staffers who are security novices?can be costly and time-consuming. (Outsourcing security is another option. To read a cautionary tale about the pitfalls of outsourcing security, check out "Exposed," at www.cio.com/printlinks.) But whichever route you choose, here are some ways to enhance your chances of success.

 
 
Loading...
 
WHITE PAPERS

Meet Rising Demands on IT and Cut Costs

Strategies for Modernizing IT, Reducing Costs, and Improving Operational Efficiency
 

Save On Data Center Costs

Using a five step process one organization was able to eliminate more than 2,000 servers from their IT infrastructure
 

Deliver Higher-Performing Technology Services with ITIL

Enable the business and your IT organization to cope with the effects of economic stress.
 

The Future of Financial Reporting

Finance and accounting executives must understand, adapt to, and manage the costs associated with changes: and doing so opens an opportunity to leverage this shift to better position their companies in the eyes of the investment community.
 

Enterprise Performance Management

15 years after "The Performance Measurement Manifesto" was published by the Harvard Business Review, companies continue to redesign how they measure their business performance.
 

How Tomorrow's Leaders Will Get Ahead

Read how Oracle's Strategy-to-Success framework can guide you on your evolutionary journey to Management Excellence.
 

WEBCASTS

BMC Service Assurance Demo

What if you could predict disruptive IT events and automate their resolution -- all before they disrupt your busine...
 

BMC Service Automation Demo

BMC Service Automation automates repetitive, manual tasks (such as provisioning, patching and compliance) to reduce...
 

BMC Application Performance and Analytics: Predictive Intelligence in Action

See the highlights of BMC's Application Performance and Analytics; a predictive, resourceful and intelligent soluti...
 

Taking the Service Desk to the Next Level

Listen to this conversation with Doug Mueller to learn how standards and processes have evolved to bring us the ser...
 

How to Reduce Eclipse BIRT Development Effort for Data Visualizations

Live Webcast: Wednesday July 15th 2 PM ET / 11 AM PT

Web applications can come with a long list of visualiz...
 

Gen Y: IT's 'FWC' - Friends with Challenges

IT Professionals are positive on Gen Y employees. But that's just half the story. Their love affair with social med...
 

Resource Alerts

Get instant email notifications by topic when white papers, webcasts, and case studies are added to our library.

 
FEATURED SPONSORS
 
 
 
SPONSORED LINKS
 

Taking the Service Desk to the Next Level

Maximizing the Business Value of the PC Infrastructure

How Interactive Viewer Reduces the Effort to Meet Visualization Requirements

Top 10 Business and IT Drivers for the Wealth Management Sector

BPM Survey Results: The Real-World Analysis

BPM: Leveraging Competencies and Streamlining Processes to Achieve Operational Excellence

Achieving Pervasive Performance Management

Automating the Generation and Secure Distribution of Excel Reports

Introducing the new HP ProLiant G6 server family

Accenture: Outsourcing for Competitive Advantage. More...

Better spam protection with Postini for just $1/user/mo

Introducing the new HP ProLiant G6 server family

infoBOOM! - The Mid-Sized Company CIO's Exclusive Community

Accenture IT Consulting: Logical meets technological. More . . .

The Fraudster Economy Model: Operating a Business in the Underground

Get agile IT security with CA Security Management

Trade in your old laser printer and get up to $1000 back!

Revolutionizing Enterprise Application Deployment

Why Data Loss is Increasing--and What You Can Do About It

Learn how to managing client systems in the enterprise.

Build a High-Performance Open Web Platform

Mid-Sized Company CIO Community: infoBOOM!

Enterprise PBX Comparison Guide

Getting Value from Outdated Networking Equipment

White Paper: 8 Key Ingredients to Building an Internal Cloud

Seven Ways ITIL Can Help You in an Economic Downturn

Communications and Collaboration Needs at Business Organizations

Top-line Performance that's Bottom-line Efficient

5 Steps to Automating Accounts Payable

BPM ROI calculator

Disciplined Autonomy: Resolving the Tension Between Flexibility and Control

Smart Decisions: The Role of Key Performance Indicators

Get Google Enterprise Search for your business information.

Accenture IT Consulting: Enabling high performance. More...

Top Five CIO Challenges

Insight makes it easy to spend your Microsoft subsidy check.

Five minute business analytics assessment. Immediate results.

Dangerous Collaboration Practices: 5 Ways IT Can Minimize Risk

Accenture: Outsourcing for uncertain times. Click to learn more.

Payback in 9 months with CA Spectrum solutions

The Case for Investing in Business Analytics Technology. Read white paper.

Live Webinar: Applying Business Analytics. Click here to learn more

Developing A Dynamic, Real-Time IT Infrastructure

Data Loss Prevention: A Better Way to Approach Security

Using Open Source to Deploy Web Applications

Cloud Computing: Read about VMware's compelling vision & set of products

Enterprise PBX Buyer's Guide

Secondary Market Primer: Your Network at Half Price

Stop Application Fraud at the Source with Device Reputation

Learn about the VMware vSphere (TM) & Intel (R) Xeon (R) Processor 5500 Series