Offering regional and national programs, CIO (and CSO) events bring together some of the most respected names and thought leaders in information technology and security. Presented by CIOs and other senior level executives, these invitation-only programs offer timely topics and strong networking. Learn More »
Webcast: In the Google Apps Cloud: How to Achieve Your Business Objectives
Dec 3rd, '09, 1 - 2 pm US/Eastern (GMT-5)
Join Council member Brent Hoag, Director, Global IT, at JohnsonDiversey, as he discusses the adoption of Google Apps which has helped meet four corporate goals; sustainability, simplification, increased employee productivity and global collaboration.
Webcast: Collaboration Initiatives: Benchmarks & Best Practices
Dec 15th, '09, 4 - 5 pm US/Eastern (GMT-5)
Join Council members Ruth Thorpe, VP & CIO at the U.S. Pharmaceutical Operations of Sanofi-Aventis, and Gary Kuyper, CIO at Bethany Christian Services, as they speak about their collaboration initiatives and experiences in how and why they chose the social networking and collaboration tools they are using and their business goals for collaboration, and facing culture change challenges.
Data Overview: Collaboration Initiatives Field Guide: Benchmarks & Best Practices
This appendix to the Council Field Guide provides an analysis which discusses benchmarks for collaboration IT implementation costs, adoption rates and payoffs. The overview identifies top IT and business goals and satisfaction rates for collaboration initiatives as well as best practices and lessons learned for implementing collaboration IT.
Learn more about the CIO Executive Council »
How to Staff Up for Security
Last year, David Saul, executive vice president and CIO of commercial insurer Zurich North America, pulled a dozen IT staffers ...
May 15, 2002 — CIO —
Last year, David Saul, executive vice president and CIO of commercial insurer Zurich North America, pulled a dozen IT staffers away from their daily tasks to combat a virus that was attacking the company’s firewalls. They did a good job limiting the damage, but it took two days?two days in which other work did not get done. Next time, Saul hopes to be ready to respond before a threat surfaces. "We want to be in a safety zone that doesn’t require that kind of immediate mobilization," he says.
That’s why Saul increased his full-time information-security staff from 12 to 18 people, mostly by training, reorganizing and reassigning IT people to security. "Good security equals prevention, detection and reaction," says Saul, who is based in Schaumburg, Ill. "If you’re not going to staff to make the process work, then your exposure to security breaches is higher."
That exposure is an increasingly widespread problem. In a 2001 survey of security practitioners conducted by the Computer Security Institute and the FBI, 85 percent of respondents (primarily from large corporations and government agencies) had detected computer security breaches in the previous year, and 64 percent of those respondents acknowledged suffering financial losses.
In fact, there’s no limit to the damage evildoers can inflict. Sept. 11 proved that. In this environment, many people believe that it’s sheer madness to have an IT staff handling information security on an ad hoc basis. "It’s a hard-and-fast rule, in my opinion," says John Hartmann, vice president of security and corporate services of Cardinal Health, a $47 billion health-services provider in Dublin, Ohio. "If the two roles are shared, business priorities will drive security to a lower priority."
Tim Mitchell, CIO of Sarnoff, an electronic, biomedical and information technologies company in Princeton, N.J., disputes that, saying that his IT staff handles security very well, thank you. But he does agree that people charged with security responsibility must be organized into a team?as his are?carrying out a coherent security program that sets out specific responsibilities and requires regular meetings.
A security team needs to set policies and procedures, assess vulnerability, detect intrusion, respond to incidents and manage security architecture. And perhaps most important of all, it needs a leader.
Finding skilled security professionals to carry out this mission can be tough, and the alternative?training in-house IT staffers who are security novices?can be costly and time-consuming. (Outsourcing security is another option. To read a cautionary tale about the pitfalls of outsourcing security, check out "Exposed," at www.cio.com/printlinks.) But whichever route you choose, here are some ways to enhance your chances of success.
The CIO Calls the Shots
Adobe for Business Process Automation
Increase Customer Satisfaction and Lower TCO
Upgrading to VMware vSphere with vWire
Using ERP To Gain Competitive Advantage in a Tough Economy
Powerful Software Solutions for Midsize Companies
Extending Client Refresh - 11 Steps to Maximize Savings
The Last Software You'll Ever Buy? The Platform Approach to Development
Beyond Installing ITPM Software: How a global company reduced risk and successfully implemented ITPM
Informatica 9: What it means for the CIO?
The Case for Data Protection for SMBs
Enterprise Capture: Your Onramp to Business Process Automation
Time: 11:00 AM PT/2:00 PM ET
Today more than ever companies are see...
Resource Alerts
Get instant email notifications by topic when white papers, webcasts, and case studies are added to our library.
RIM, Motorola Latest Defendants in Visual Voicemail Suit
New IPhone Worm Steals Online Banking Codes, Builds Botnet
Microsoft Begins Paving Path for IT, Cloud Integration
Microsoft Confirms IE6, IE7 Zero-Day Bug
Report: Apple's 'Black Friday' Deals Cut Mac Prices 8%
11 Security Tips for Black Friday, Cyber Monday
Momentum Builds for Open Content Management Standard
BlackBerry Bold 9700: Why It's RIM's Best BlackBerry Ever
Mobile Groups Protest Proposed Net Neutrality Rules
Information Security and Business Strategy Part 1
