Offering regional and national programs, CIO (and CSO) events bring together some of the most respected names and thought leaders in information technology and security. Presented by CIOs and other senior level executives, these invitation-only programs offer timely topics and strong networking. Learn More »
Social Responsibility's Strategic Benefits
December 15, 11:30 AM - 12:30 PM US/Eastern (GMT-5)
Join Ed Granger-Happ, CIO of Save the Children, for a discussion of how creating an organization that is socially responsible improves staffing, retention, leadership development and overall corporate health.
Working With and Communicating to Your Board of Directors
January 13, 2009, 4:00 PM - 5:00 PM US/Eastern (GMT-5)
CIO panelists who will share tips and experiences working with their boards: Twila Day of SYSCO; Jeff O'Hare, West Corp.; Marc West, formerly with H&R Block.
IT's Role in Growing Mid-Market Companies
January 14, 4:00 PM - 5:00 PM ET (GMT-5)
Mid-market Council members will share their companies' stories and challenges in driving or coping with growth. Panelists represent Veterinary Pet Insurance, Medicis Pharmaceutical, and Intrax Cultural Exchange.
Learn more about the CIO Executive Council »
Apply today for a FREE subscription to CIO Magazine!
What You Can Learn about Risk Management from Societe Generale
Weak IT access controls cost the French bank $7.2 billion. The case should prompt you to rethink how you balance IT security with employee access to critical systems.
April 17, 2008 — CIO — It's a lethal combination of process oversights and system failures that is the stuff of CIO nightmares: An investigation into rogue trader Jérôme Kerviel's allegedly fraudulent actions at Société Générale bank uncovered an apparent breakdown in financial and internal IT controls subverted by an employee with IT know-how and authorized systems access.
The tale of Kerviel's exploits, which led to $7.2 billion in losses for one of France's largest banks, continues to unfold as French police probe the 31-year-old trader's transactions. On April 18, Société Générale named its former CFO, Frédéric Oudea, as CEO, replacing Daniel Bouton, who remains the bank's chairman. The company is also rumored to be a takeover target.
Meanwhile, IT experts say, the case should serve as a warning that businesses can do better to manage IT-related risk.
"Much time is spent on protecting the external threat," says J.R. Reagan, managing director and global solution leader for risk, compliance and security at BearingPoint. "But the internal threat can be even larger in terms of risk to the company." In the case of Société Générale, not only were IT security controls insufficient, but the bank's staff did not fully investigate red flags that arose. Recent research by the Ponemon Institute concludes that "insider threats represent one of the most significant information security risks." In a survey of 700 IT practitioners published by the group in February, 78 percent said they believe individuals have too much access to information that isn't pertinent to their jobs, while 59 percent said such access presents business risks. What's more, IT professionals see a disconnect with business leaders: 74 percent said senior management does not view governance of access to information as a strategic issue.
Many business executives don't know what their risks are and, even if they do, they may have a tough time balancing potential losses against potential gains, says Scott Crawford, a security expert and research director at Enterprise Management Associates. "There's always this delicate balancing act between taking advantage of opportunities and doing an effective job of IT risk management," he notes. "This notion of business risk exposure in IT still is a challenge particularly for the CIO but for the business as a whole."
The Société Générale case offers lessons for IT leaders in how to manage access-related risks.
Exploiting a Risky Business
One of Société Générale's primary business lines is derivatives—financial instruments that allow traders to make contracts on a wide range of assets (such as equities, bonds or commodities) and attempts to reduce (or hedge) the financial risk for one party in the deal. Trading derivatives, however, necessitates some aggressiveness and can be fraught with risk. (Think of the infamous story of Nick Leeson, a former derivatives trader whose unauthorized speculative trading led to the collapse of the United Kingdom's Barings Bank in 1995.)
FORTUNE 100 insurance leaders rely on the Symantec Data Loss Prevention solution to protect sensitive customer data.
Do you know where your confidential data is, where it is going, and how to prevent it from leaving your organization.
Learn what the thought-leaders at PricewaterhouseCoopers have to say on the risks associated with data security.
Incorporate best practices from many companies using DLP solutions as you establish your organization's requirements and safeguard confidential data.
35 U.S. organizations that lost confidential information and had a regulatory requirement to publicly notify affected individuals are studied in this report.
The Business Case for Web Application Firewalls, by Ken Tyminski, former VP and CISO for the Prudential Insurance Company of America
Quest Authentication and IBM Tivoli Identity Management
Integrating ActiveRoles With IBM Tivoli Identity Manager 5.0
Check Point Endpoint Security - Unifying Essential Components
Turn your information management best efforts into best practices.
Laptop Security: Where Do CIOs See Weaknesses?
Protecting Sensitive and Confidential Information with Endpoint Security
Revolutionizing Endpoint Security with a Single Agent
How RFID Improves Data Center Efficiency
Building Competitive Advantage with Next-Generation Wireless Infrastructure
Gartner on Data Deduplication Cost Savings
Into the Wild: Managing Laptops Outside the Office
Resource Alerts
Get instant email notifications by topic when white papers, webcasts, and case studies are added to our library.
Clearwire, Sprint Close WiMax Deal
Netbooks: Small, Cheap -- and Fast?
Clearwire, Sprint Close WiMax Deal
'Social Mobile' Applications: the Missing Book
Vista SP2 Due Next April, Says Report
Fear of More Attacks Could Hurt Business in India
London Hospitals Almost Back Online After Worm Infection
Google Earth Used By Terrorists in India Attacks
Microsoft and Yahoo Dismiss Report of Search Deal
China'S NetDragon Teams with EA on Online Game
Just the basics, please. Sometimes we all need a refresher or we need to make sure our team and our colleagues are all on the same page.
Over 25 tutorials on everything from business intelligence to virtualization.
- CIO|
- Computerworld|
- CSO|
- DEMO|
- Game Pro|
- Games.net|
- IDG|
- IDG UK|
- IDG Connect|
- IDG Tech Network |
- IDG World Expo|
- Industry Standard|
- InfoWorld|
- ITworld|
- JavaWorld|
- LinuxWorld|
- MacUser|
- Macworld|
- Network World|
- PC World|
- Playlist|
- CIO UK|
- CIO Germany|
- CIO China|
- CIO Sweden|
- CIO Australia|
- Other CIO Sites
