SEPT. 11, 2001, was a wake-up call to corporate America. All of us have been made painfully aware of an urgent need to assess and upgrade the security protecting our information systems, and to protect the privacy and physical security of our workplaces. As a key step in achieving those goals, companies need to establish a new executive-level position, that of the chief security officer (CSO). If your company doesn’t already have one, the CSO will be your must-hire for 2002.The executive who can successfully rise to this challenge will have a diverse skill set. The CSO will not only have to understand the technology environment of the company but will also need to partner with the business and technology leadership to design and implement solutions that align the security needs of the business with the technical capabilities of the IT staff. Most important, this executive will develop and promote sound security practices and focus the employees on their individual and corporate responsibility to adopt those practices. Hiring a CSO requires redefining the culture of the company. The CSO will partner with HR and corporate trainers to teach the staff and subsequent new hires that everyone is required to participate in protecting the company’s security. That approach can actually be very unifying because it is one aspect of working at the company that everyone will have in common. That common bond can be exploited to build good will for other initiatives as well.In a time of widespread corporate layoffs and terrorist threats, the vulnerability of a company to potential security breaches has never been more real. So the days of hiring a semireformed hacker to head security are long gone. In order to understand and offer solutions for the security issues of the organization, the CSO will need to have broad-based experience with technologies such as public-key infrastructure, enterprise user management, network and host intrusion detection, firewalls, single sign-on, biometrics and so on. Preferably, the CSO is professionally certified as well. One of the most sensitive issues surrounding this new office is reporting relationships. The logical argument might seem to have the CSO report to the CIO, because the CIO heads IT. The CIO might argue that this position should be a direct report because ultimately all decisions affecting technology should rest in his hands. However, a core responsibility of the CSO will be vulnerability assessment and risk management. Therefore the CSO should report to the COO or CEO. After all, the CSO will evaluate the technology environment and audit the security measures implemented by the CIO. It is in the company’s and the CIO’s best interest to have the CSO perceived as an impartial assessor of the technology environment instead of a possible rubber stamp. Think of the CSO as the head of quality assurance for security. The CSO can also partner with the CIO to be an advocate for IT and to proselytize the need for expanding the IT budget to pay for necessary security measures. The CSO can also act as a powerful liaison between the business leadership and the IT leadership, drawing them together with the common goal of protecting the intellectual and physical assets of the company. For the first time, we are being asked to unite in ensuring our homeland’s security. Corporate America is being held accountable for its own security as well as actively participating in issues affecting national security. Experienced strategic leadership is required to achieve those goals. The CSO is the perfect executive to take on the challenge. n Related content how-to How to create an effective business continuity plan A business continuity plan outlines procedures and instructions an organization must follow in the face of disaster, whether fire, flood, or cyberattack. Here’s how to create a plan that gives your business the best chance of surviving such an By Mary K. Pratt, Ed Tittel, Kim Lindros Dec 07, 2023 11 mins Small and Medium Business Small and Medium Business Small and Medium Business interview WestRock CIDO Amir Kazmi on building resiliency Multidimensional resiliency is vital to setting yourself, your teams, and your organization up for success. Kazmi sets the tone at WestRock by recognizing the pace of change, instilling a learning and growth mindset, and being transparent with his te By Dan Roberts Dec 07, 2023 8 mins IT Strategy Staff Management IT Leadership brandpost Sponsored by FPT Software Time for New Partnership Paradigms to Be Future-fit By Veronica Lew Dec 06, 2023 5 mins Vendors and Providers brandpost Sponsored by BMC Why CIOs should prioritize AIOps in 2024 AIOps empowers IT to manage services by incorporating AI/ML into operations. By Jeff Miller Dec 06, 2023 3 mins IT Leadership Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe