Tack on another "C" in security function.As "C" suites have been getting more crowded in recent years, the Years, The the seven decades of Eleanor Pargiter’s life. [Br. Lit.: Benét, 1109] See : Time need for more chairs isn't stopping. There's been the emergence of the chief privacy officer, and more recently, the chief governance officer. Some companies have now added another title: chief information security officer, or CISO See CSO. . One CISO, James R. Wade of Key-Corp., the major banking company based in Cleveland, talked recently about the position and what it entails. While he's been at Key for about a year, he was formerly the CISO for the Federal Reserve System (covering the Reserve Banks but not the Federal Reserve Board). In an interview, Wade--who also serves as president of the International Information Systems Security Certification A certification issued by competent authority to indicate that a person has been investigated and is eligible for access to classified matter to the extent stated in the certification. Consortium, or ISC (1) (Internet Systems Consortium, Redwood City, CA www.isc.org) An organization founded by Paul Vixie, Carl Malamud and Rick Adams in 1994 and later sponsored by UUNET and other Internet companies. (2)--said his office oversees what is generally a centralized technology platform in Cleveland, with some added resources in Albany, N.Y. "We see ourselves as a center of excellence," partnering with existing IT staff. His group numbers about 35, two-thirds of whom had been with Key before he joined, he notes. "What is new is that this is really being focused on gaining an enterprise-wide view; these positions are being created for the C-suite for insights on the security standpoint, as well as a business standpoint," Wade says. "I see this as the proverbial three-legged stool--you have the security side, the technology side and the business side." Wade concedes that an avalanche of mergers in recent years has made things more challenging for industries like financial services The examples and perspective in this article or section may not represent a worldwide view of the subject. Please [ improve this article] or discuss the issue on the talk page. , and that different philosophies must often be brought under one umbrella. How? "It all starts out with policies--a senior management statement of what has to happen. [Then comes] policy development and the day-to-day [duties]. For many financial services organizations, because of the way security is perceived, it's now integrated more into how we do business." Wade says the research he's seen from companies like Gartner Inc. and The META Group suggest that there is no single approach for a reporting scheme--some CISOs may report to the CFO See Chief Financial Officer. or even the CEO (1) (Chief Executive Officer) The highest individual in command of an organization. Typically the president of the company, the CEO reports to the Chairman of the Board. , though most would report to the chief information officer. Deciding to create such a role "starts with the realization that you need someone who can interact with highest levels [of the company], who can help put together strategy at the highest level and make sure that's followed through into the technology." |
|
||||||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion