The CISO, CIO, CEO, and You: Assigning Responsibility for Cyber Security

The IT security threat looms ever larger. It’s such a significant problem that it’s almost discussed as a proper noun – “the IT Cyber Threat.” But as Mark Samuels argues in an article for ZDNet, there are other, less dramatic (though no less important) issues facing IT security experts today. Samuels turns to five such experts to determine where their priorities lie.

Employee Accountability

David Allison, who is head of business systems at Aggregate Industries, argues that security ought to be “the responsibility of every employee.” Accountability ought to come down to education and a general awareness of one’s role in keeping IT secure. Better than firewalls and anti-virus software, the informed workforce offers an “embedded” line of defense against imminent and potential threats alike.

Security Products are Overrated

Tim Holman, president of the Information Systems Security Association for the UK (ISSA-UK), offers his opinion on the security of technology products:

“The cyber threat cannot be solved by buying products…A common-sense approach of reducing the amount of sensitive data stored, booting out insecure suppliers, restricting access to information and getting cyber liability cover will often be ten times as effective and ten times cheaper than the next generation security appliance with flashing lights sold to you by expert salesmen.”

Work and Play

David Reed, head of information services and infrastructure at the Press Association, believes that mobile management represents one of the greatest security threats to IT. His team created a special container for information-sensitive company materials on all employee smartphones, thus separating private employee data from work data.

And CIO Omid Shiraji of Working Links is convinced that the CIO (perhaps more so than employees) bears the greatest responsibility to ensure information security. While some might call for a CISO position to handle the ever-increasing levels of security risk, Shiraji is confident that services purchased as a commodity will suffice:

“IT security is a commodity where you can go and buy products and expertise from a provider…The same is true in regards to business security in many cases – the processes and governance are a commodity that you can purchase as a managed service.”

Balancing Buy-In with Bad News

Vetted CIO Julian Self is at odds with Shiraji’s advice, insisting that the CISO is a growing and necessary position that adds critical value to most organizations, especially those in the financial sector. Self sees the acceleration of technical complexity as a challenge to established IT infrastructure. A CISO must always seek business buy-in without alienating counterparts with scare tactics. In other words, address the “IT Cyber Threat” without all the doomsday drama.

Read the original article at:
