
Time to push data security ownership to business units

As technology marches on, so too do the many threats to your data, which makes the job of the chief information security officer that much harder. One Forrester analyst says, "Software-as-a-service (SaaS), Web 2.0 technologies, and consumerized hardware increase the number of escape routes for sensitive information. Regulations, statutes and contractual expectations drown CISOs in audit requests and ratchet up the pressure to do something about the problem. Hordes of vendors confuse CISOs with innumerable sales pitches."

But is it possible that security executives are assuming too much responsibility? Forrester suggests as much. It calls for an approach where the CISO pushes more responsibility down to the business units, where ownership really belongs. The top executive's role is to set priorities and best practices, offer guidance and generally own the big-picture view.


Comments

This is one of the key points I've advocated for several years in my articles and with my clients when dealing with preventing intellectual property theft by both employees and by contractors. Frankly, requiring the chief security officer, compliance officer or risk officer to be accountable for information flow out of the company is akin to expecting the governor of a state to be accountable for stopping burglaries all over the state; it's just unrealistic. While the office (like the governor) may have ultimate accountability, responsibility for monitoring has to be pushed down to the people who can make the greatest impact at the swiftest level - the supervisors and managers of each functional level (much less the individual employees); again, no different than the mayor, police force (and individual citizens) in a town.
