Commentary
Security Is Not Insurance
What's the hardest part of a chief security officer's job? Evaluating new technologies? Establishing policies for users to follow? Actually, it's more political than that, Jim Routh, chief security officer of Depository Trust & Clearing Corp., said during an Interop presentation Tuesday. "The hardest part of a CSO's job is influencing information security and practices that will be implemented throughout an organization," he said. "It's a delicate process, particularly when you're asking an IT or business manager to rethink how they operate. Education is probably the most important strategic tool for a CSO, without a doubt." And you thought wayward data tapes throwing themselves off of the back of delivery trucks were going to be your biggest challenge.What's the hardest part of a chief security officer's job? Evaluating new technologies? Establishing policies for users to follow? Actually, it's more political than that, Jim Routh, chief security officer of Depository Trust & Clearing Corp., said during an Interop presentation Tuesday. "The hardest part of a CSO's job is influencing information security and practices that will be implemented throughout an organization," he said. "It's a delicate process, particularly when you're asking an IT or business manager to rethink how they operate. Education is probably the most important strategic tool for a CSO, without a doubt." And you thought wayward data tapes throwing themselves off of the back of delivery trucks were going to be your biggest challenge.Security threats are changing all the time, based upon people, processes, and technology introduced into IT environments. CSOs have to take information about threats both within and outside their networks, figure out how they change from day to day and create a risk profile they can share with the business side of the house. "Once you have a risk profile, you have context for decision making," said Routh, whose company and its subsidiaries provide clearing, settlement, and custody of most U.S. securities transactions.
Chief security officers speak the language of risk management, which is statistics. The more information they have, the better they can secure a company. "Although there's no way to eliminate risk, companies can manage risk," noted Routh, a former chief information security officer with American Express.
More Security Insights
White Papers
- Creating the Enterprise-Class Tablet Environment - by Yankee Group
- New Visual and Wizard-Driven Paradigms for Exploring Data and Developing Analytic Workflows
Reports
More >>Webcasts
- Outsourcing Security: What Every Potential Cloud Security Customer Should Know
- Maximize ROI with Database Consolidation onto Private Clouds
Statistics are useful in another way; they help security executives justify investments in the products and services they buy. The old adage of security being like insurance won't fly anymore. "When you bring an umbrella, it usually doesn't rain," Routh said. That's why it's important for chief security officers to think in terms of how much money their companies could be spending on government fines, customer lawsuits, and contingency plans for when their systems get hacked.
Related Reading
| To upload an avatar photo, first complete your Disqus profile. | View the list of supported HTML tags you can use to style comments. | Please read our commenting policy. | |
|
|
T-Shirt Giveaway: Each week we're selecting one great comment from our readers. The author of the comment will receive an InformaitonWeek Community t-shirt. So get posting! |
Subscribe to RSSResource Links
This Week's Issue
Technology Whitepapers
- Mobile BI: Actionable Intelligence for the Agile Enterprise
- Creating the Enterprise-Class Tablet Environment - by Yankee Group
- How To Regain IT Control In An Increasingly Mobile World - by BlackBerry
- The BlackBerry PlayBook tablet's Good Bones - by BlackBerry
- New Visual and Wizard-Driven Paradigms for Exploring Data and Developing Analytic Workflows
Featured Resource
This is your portal to all the news, product information, technical data, and other information related to the topic of computer user authentication and certification. Visit us to find out how to ensure that computer users are who they say they are.
Learn More












