Editor's Note: Security Chiefs Wear Many Hats On The Job
I was leaving a parking garage in D.C. the other day, and as I approached the cashier, I saw a video monitor behind her (key word--behind) with modules for about nine cameras. As I got closer, I realized that only two of the modules were actually showing live video. One was of a concrete wall. The other was pointed to the cars exiting the garage--not the license plates, mind you, but the tops of the cars. Why have security cameras if they aren't really doing anything--like keeping an eye on the cars in the bowels of the garage? Or on the entrances to the building, where thieves (or worse) could be entering or exiting? Even if all of the cameras were working effectively, why was the monitor behind the person in the booth collecting parking fees? Finally, it was my turn. I realized that the person collecting fees not only was the cashier but also the "security manager," according to her name tag. So the security manager ran my credit card through the system while the video cameras were either off or pointing to seemingly irrelevant places. I wasn't feeling real secure about my parking decision. As I exited the building, I passed police car after police car parked around various government buildings and the perimeter of the White House. National Guard members were plentiful. OK, then I was feeling secure.
How's your company data feeling? Like it's protected by a cashier doubling as a security manager or by the National Guard? Improving security has been a priority long before Sept. 11, but many companies are taking the job even more seriously by creating specific executive positions--chief security officers. Sure, these titles also existed at some companies before Sept. 11, but these folks have been elevated to a whole new level. It's not a job for the weak of heart. Being a CSO requires the ability to secure computing environments that have fewer walls and more collaborative relationships with partners and customers; the ability to protect an increasing amount of wireless data and services; the ability to prevent, or at the least react quickly to, an increasing number of viruses; the ability to keep pace with emerging policies and legislation designed to protect the nation's infrastructure; a need to make the CEO, stockholders, and customers comfortable; and a need to ensure that employees are productive and efficient while understanding and following important company policies. It takes communication, evangelism, and a little bit of politics.
On page 34, senior writer Mary Hayes takes a close look at these execs and gives you a taste of what their life is like. Does your company have a CSO? What's it waiting for?
Stephanie Stahl Editor
To discuss this column with other readers, please visit Stephanie Stahl's forum on the Listening Post.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Infographic: The State of DevOps in 2017Is DevOps helping organizations reduce costs and time-to-market for software releases? What's getting in the way of DevOps adoption? Find out in this InformationWeek and Interop ITX infographic on the state of DevOps in 2017.
IT Strategies to Conquer the CloudChances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.