What would you do as chief information security officer
- 19 February, 2007 14:38
- Comments
Becoming the chief information security officer (CISO) of a corporation makes you a strategic IT advisor to business management, the chief information officer, and the rest of the information technology staff. Just as no company is the same as another, the job of CISO -- or alternately, "chief security officer," which might include physical security as well -- isn't either. The four security professionals who share their priorities with us make it clear there's nothing cookie-cutter about the top IT security job.
Name: Beth Cannon
Title: Chief security officer at San Francisco-based merchant bank Thomas Weisel Partners
Installed base: 700 employees using servers, desktop and laptop computers, plus 450 handhelds, mainly BlackBerry
Broad concerns about regulatory compliance were instrumental in creating the chief security officer job at merchant bank Thomas Weisel Partners back in 2004.
"Among the drivers for the CSO job were the disaster-recovery rules coming into play from the Securities and Exchange Commission (SEC) after 9/11," says Beth Cannon, the first-ever CSO there. "We also needed to look at Sarbanes-Oxley because we were planning to go public."
Thomas Weisel Partners decided to carve out the job in order to have a point person acting as central liaison between the legal department, IT and upper management in crafting IT security policy.
Cannon, who reports to the CIO, said she has made it a priority to have telecom providers disclose how lines to the bank's corporate clients are routed to avoid an over-concentration in one area -- one horrible lesson learned after the Sept. 11 terrorist act on New York -- and is looking at VoIP as an option for some services to users.
While it's not always easy to build unity internally around security policies, one advantage, she says, is that her eight-year tenure at the firm -- she was the chief technology officer there before accepting the position as CSO -- meant "I've built a lot of relationships."
This helped in the situation when she had to sit down with the legal department and IT to hammer out security policies she was advocating for the hundreds of BlackBerries and laptops that employees take with them for mobile computing.
While sometimes employees balk at policies such as password time-outs or encryption that may add complexity, says Cannon, it's easier to help change a pattern of computer behavior when the discussion occurs between people who personally know each other. "The relationship really becomes the key," said Cannon.
- Bookmark this page
- Share this article
- Got more on this story? Email Computerworld
- Follow Computerworld on twitter
- IDG TechWorld UK Security Review: UTM appliance
- Virtualisation: Optimised Power and Cooling to Maximise Benefits
- Beyond PCI Checklists: Securing Cardholder Data with enhanced File Integrity Monitoring
- Hidden Costs? Evaluating ‘Budget’ Email Security Solutions
- Database Management | A Computerworld Strategy Guide
-
on Updated: Google adds, retracts support for Australian paid Android apps
-
on Wilkie secures pokie tech reform
-
on NBN wholesale pricing still up in the air
-
on Broadband a "no regrets" investment: World Bank
-
on Wilkie secures pokie tech reform
-
Microsoft Office 2008 for Mac Bible
-
Alan Simpson's Windows Vista Bible, Desktop Edition
-
DOS for Dummies Quick Reference, 3rd Edition
-
Fortran 90 for Engineers
-
Programming the Network with Perl
-
Windows Xp
-
Windows Home Server Bible
-
Computing for the Older and Wiser - Get Up and Running on Your Home PC
-
Parallel Database Techniques
Comments
Post new comment