Should The Security Chief Report To Someone Outside IT?
McAfee CEO David DeWalt sees more companies are having the chief information security officer report to someone other than the CIO. The reasoning is security involves much more than data security-and that IT needs a watchdog over its attempts to secure information.
McAfee CEO David DeWalt sees more companies are having the chief information security officer report to someone other than the CIO. The reasoning is security involves much more than data security-and that IT needs a watchdog over its attempts to secure information.DeWalt spoke at the InformationWeek 500 Conference in Tucson Tuesday, spotlighting the five broad trends he sees in security. In a conversation after his keynote, DeWalt spotlighted one other change, with the CISO increasingly reporting to the CFO or another executive.
One main reason is that more companies are putting a single executive in charge of information and physical security, DeWalt said. Some of the biggest security problems relate to human resource issues: getting a laptop back and security turned off for departing employees, hiring the right people and doing appropriate background checks. Another reason is companies feeling like they need someone in a watchdog role around IT's efforts to protect information, almost like an audit or compliance function.
DeWalt knows this doesn't sit well with many CIOs, who feel this is taking control and authority away from them. His recommendation, and what he does at McAfee, is dual reporting, where the CISO reports to the CIO and to him as CEO.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
IT Strategies to Conquer the CloudChances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.