Should The Security Chief Report To Someone Outside IT?
McAfee CEO David DeWalt sees more companies are having the chief information security officer report to someone other than the CIO. The reasoning is security involves much more than data security-and that IT needs a watchdog over its attempts to secure information.
McAfee CEO David DeWalt sees more companies are having the chief information security officer report to someone other than the CIO. The reasoning is security involves much more than data security-and that IT needs a watchdog over its attempts to secure information.DeWalt spoke at the InformationWeek 500 Conference in Tucson Tuesday, spotlighting the five broad trends he sees in security. In a conversation after his keynote, DeWalt spotlighted one other change, with the CISO increasingly reporting to the CFO or another executive.
One main reason is that more companies are putting a single executive in charge of information and physical security, DeWalt said. Some of the biggest security problems relate to human resource issues: getting a laptop back and security turned off for departing employees, hiring the right people and doing appropriate background checks. Another reason is companies feeling like they need someone in a watchdog role around IT's efforts to protect information, almost like an audit or compliance function.
DeWalt knows this doesn't sit well with many CIOs, who feel this is taking control and authority away from them. His recommendation, and what he does at McAfee, is dual reporting, where the CISO reports to the CIO and to him as CEO.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Digital Transformation Myths & TruthsTransformation is on every IT organization's to-do list, but effectively transforming IT means a major shift in technology as well as business models and culture. In this IT Trend Report, we examine some of the misconceptions of digital transformation and look at steps you can take to succeed technically and culturally.