Commentary
The Changing Role Of The CISO?
Just a few years ago, the chief information security officer's focus was to defend business-technology systems from the continuous barrage of viruses, worms, denials-of-service, and many other types of attacks that placed system availability and information at risk. For many, I suspect, this role has changed dramatically.Just a few years ago, the chief information security officer's focus was to defend business-technology systems from the continuous barrage of viruses, worms, denials-of-service, and many other types of attacks that placed system availability and information at risk. For many, I suspect, this role has changed dramatically.It all started with the high-profile cases of corporate fraud, increases in identity theft, transaction fraud, and breaches of personally identifiable financial information. These ushered in a tsunami of state, federal, and industry regulations that purport to reduce corporate fraud and secure electronic information.
And yet we still have insider frauds the likes of the SocGen fraud and breaches like the TJX fiasco. But I digress.
More Security Insights
White Papers
- Mobile BI: Actionable Intelligence for the Agile Enterprise
- How To Regain IT Control In An Increasingly Mobile World - by BlackBerry
Reports
More >>Webcasts
- Outsourcing Security: What Every Potential Cloud Security Customer Should Know
- Maximize ROI with Database Consolidation onto Private Clouds
All of these government and industry regulatory pressures affect nearly every organization. From Sarbanes-Oxley, which governs the accounting information of publicly traded companies, to the California Security Breach Information Act (SB 1386), which aims to give consumers adequate notice whenever specific financial account information is breached. As well as the final security rules for the Health Insurance Portability and Accountability Act (HIPAA). And then there's the credit card industry's PCI Data Security Standard that touches nearly every retailer.
I'm sure I'm forgetting a few dozen new regulations, or mandates. So where do organizations turn when they need all of the new policies and procedures in place to ensure these rules are enforced throughout their organization? Usually, it's the CISO.
So how has this changed the day-to-day life of the chief information security officer? Are you spending more time designing strategies to successfully answer an auditor's checklist? Or, are you working to ensure all of the custom applications designed in your organization are developed securely?
Are you trying to figure out more cost-effective ways to manage the barrage of internal controls your company has recently put into effect to grapple with Sarbanes-Oxley; or are you making sure each and every employee has the training they need keep their endpoints safe?
Let us know where the bulk of your attention goes nowadays. Is it combating regulatory mandates, or security threats?
Related Reading
 |
To upload an avatar photo, first complete your Disqus profile. | View the list of supported HTML tags you can use to style comments. | Please read our commenting policy. |
|
T-Shirt Giveaway: Each week we're selecting one great comment from our readers. The author of the comment will receive an InformaitonWeek Community t-shirt. So get posting! |
Subscribe to RSSResource Links
This Week's Issue
Technology Whitepapers
- Creating the Enterprise-Class Tablet Environment - by Yankee Group
- How To Regain IT Control In An Increasingly Mobile World - by BlackBerry
- The BlackBerry PlayBook tablet's Good Bones - by BlackBerry
- Red Alert: Why Tablet Security Matters - by BlackBerry
- New Visual and Wizard-Driven Paradigms for Exploring Data and Developing Analytic Workflows
Featured Resource
This is your portal to all the news, product information, technical data, and other information related to the topic of computer user authentication and certification. Visit us to find out how to ensure that computer users are who they say they are.
Learn More
