Printer Friendly

Tack on another "C" in security function.

As "C" suites have been getting more crowded in recent years, the need for more chairs isn't stopping. There's been the emergence of the chief privacy officer, and more recently, the chief governance officer. Some companies have now added another title: chief information security officer, or CISO.

One CISO, James R. Wade of Key-Corp., the major banking company based in Cleveland, talked recently about the position and what it entails. While he's been at Key for about a year, he was formerly the CISO for the Federal Reserve System (covering the Reserve Banks but not the Federal Reserve Board).

In an interview, Wade--who also serves as president of the International Information Systems Security Certification Consortium, or ISC (2)--said his office oversees what is generally a centralized technology platform in Cleveland, with some added resources in Albany, N.Y. "We see ourselves as a center of excellence," partnering with existing IT staff. His group numbers about 35, two-thirds of whom had been with Key before he joined, he notes.

"What is new is that this is really being focused on gaining an enterprise-wide view; these positions are being created for the C-suite for insights on the security standpoint, as well as a business standpoint," Wade says. "I see this as the proverbial three-legged stool--you have the security side, the technology side and the business side."

Wade concedes that an avalanche of mergers in recent years has made things more challenging for industries like financial services, and that different philosophies must often be brought under one umbrella. How? "It all starts out with policies--a senior management statement of what has to happen. [Then comes] policy development and the day-to-day [duties]. For many financial services organizations, because of the way security is perceived, it's now integrated more into how we do business."

Wade says the research he's seen from companies like Gartner Inc. and The META Group suggest that there is no single approach for a reporting scheme--some CISOs may report to the CFO or even the CEO, though most would report to the chief information officer. Deciding to create such a role "starts with the realization that you need someone who can interact with highest levels [of the company], who can help put together strategy at the highest level and make sure that's followed through into the technology."
COPYRIGHT 2003 Financial Executives International
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2003, Gale Group. All rights reserved. Gale Group is a Thomson Corporation Company.

Article Details
Printer friendly Cite/link Email Feedback
Title Annotation:management; chief information security officer, or CISO
Author:Heffes, Ellen M.
Publication:Financial Executive
Geographic Code:1USA
Date:Dec 1, 2003
Previous Article:New governance rules coming to exchanges.
Next Article:Study faults bank risk management.

Related Articles
Tackifying rubber compositions.
It's gloves off for broadcast laggards.
Courthouse security gets tighter.
Offset ink tack and rheology correlation Part 2: determining in real time the solids content of ink-on-paper using the ink tack force-time integral.
Offset ink concentration profile during vehicle imbibition into coated paper, Part 3: proposing a viscous gradient model.
Portable universal tester designed to measure small strains and loads.
Cyber security gets short shrift, say federal info tech managers.
Making excuses as people die.

Terms of use | Privacy policy | Copyright © 2021 Farlex, Inc. | Feedback | For webmasters |