Should The Security Chief Report To Someone Outside IT?

Posted by Chris Murphy, Sep 18, 2007 03:42 PM

McAfee CEO David DeWalt sees more companies are having the chief information security officer report to someone other than the CIO. The reasoning is security involves much more than data security—and that IT needs a watchdog over its attempts to secure information.

DeWalt spoke at the InformationWeek 500 Conference in Tucson Tuesday, spotlighting the five broad trends he sees in security. In a conversation after his keynote, DeWalt spotlighted one other change, with the CISO increasingly reporting to the CFO or another executive.

One main reason is that more companies are putting a single executive in charge of information and physical security, DeWalt said. Some of the biggest security problems relate to human resource issues: getting a laptop back and security turned off for departing employees, hiring the right people and doing appropriate background checks. Another reason is companies feeling like they need someone in a watchdog role around IT's efforts to protect information, almost like an audit or compliance function.

DeWalt knows this doesn't sit well with many CIOs, who feel this is taking control and authority away from them. His recommendation, and what he does at McAfee, is dual reporting, where the CISO reports to the CIO and to him as CEO.

What do you think? Is this another example of chipping away at CIO influence and authority , or a common sense approach given the expanding view of what company security means?

« Apple's Genius Bar Is Cool, But Not Consumer Friendly | Main | IT Still Grappling With Mobile Device Management »

This is a public forum. United Business Media and its affiliates are not responsible for and do not control what is posted herein. United Business Media makes no warranties or guarantees concerning any advice dispensed by its staff members or readers.

Community standards in this comment area do not permit hate language, excessive profanity, or other patently offensive language. Please be aware that all information posted to this comment area becomes the property of United Business Media LLC and may be edited and republished in print or electronic format as outlined in United Business Media's Terms of Service.

Important Note: This comment area is NOT intended for commercial messages or solicitations of business.

InformationWeek Chief Of The Year:
Call For Nominations

Know a dynamic, future-oriented tech chief? We're looking for the most insightful, innovative, forward-thinking business technology leader to honor as our 2008 Chief Of The Year. "Tomorrow's CIO" is the theme of our InformationWeek 500 Conference, and of a recent in-depth InformationWeek Analytics Report based on our extensive survey. The qualities identified with Tomorrow's CIO—equal parts leadership, vision, business savvy, technology expertise--are what we're looking for in our Chief Of The Year.

Candidates must be CIOs, CTOs, or VP-of-IT level executives. Nominations will be accepted now through Oct. 31, 2008.

Please send your nominations to: cjmurphy@techweb.com.

Sign Up For The CIOs Uncensored Newsletter

Every Thursday, Chris Murphy and his fellow analysts explore the business, strategy, and management issues most important to IT leaders.

Sign up for our free, weekly newsletter today!

Newsletter Archives

Global CIO Video

Blog Categories
Healthcare Cloud Computing Enterprise 2.0 Digital Life Grok On Google Over The Air Outsourcing Global CIO Startup City Information Management Content Management Green Computing Full Nelson Unified Communications	Government IT Analytics Tech Stocks Interop Security Microsoft Apple Unvarnished Open Source Wolfe's Den David Berlind's Tech Radar Virtualization Storage Backup and Business Continuity Blog Homepage

Multicore Programming Blog

Join The InformationWeek Group On LinkedIn

InformationWeek

Business Innovation Powered By Technology

Should The Security Chief Report To Someone Outside IT?