Should The Security Chief Report To Someone Outside IT?
McAfee CEO David DeWalt sees more companies are having the chief information security officer report to someone other than the CIO. The reasoning is security involves much more than data security-and that IT needs a watchdog over its attempts to secure information.
McAfee CEO David DeWalt sees more companies are having the chief information security officer report to someone other than the CIO. The reasoning is security involves much more than data security-and that IT needs a watchdog over its attempts to secure information.DeWalt spoke at the InformationWeek 500 Conference in Tucson Tuesday, spotlighting the five broad trends he sees in security. In a conversation after his keynote, DeWalt spotlighted one other change, with the CISO increasingly reporting to the CFO or another executive.
One main reason is that more companies are putting a single executive in charge of information and physical security, DeWalt said. Some of the biggest security problems relate to human resource issues: getting a laptop back and security turned off for departing employees, hiring the right people and doing appropriate background checks. Another reason is companies feeling like they need someone in a watchdog role around IT's efforts to protect information, almost like an audit or compliance function.
DeWalt knows this doesn't sit well with many CIOs, who feel this is taking control and authority away from them. His recommendation, and what he does at McAfee, is dual reporting, where the CISO reports to the CIO and to him as CEO.
The Business of Going DigitalDigital business isn't about changing code; it's about changing what legacy sales, distribution, customer service, and product groups do in the new digital age. It's about bringing big data analytics, mobile, social, marketing automation, cloud computing, and the app economy together to launch new products and services. We're seeing new titles in this digital revolution, new responsibilities, new business models, and major shifts in technology spending.
InformationWeek Must Reads Oct. 21, 2014InformationWeek's new Must Reads is a compendium of our best recent coverage of digital strategy. Learn why you should learn to embrace DevOps, how to avoid roadblocks for digital projects, what the five steps to API management are, and more.