Executive Briefings

It's Not Enough to Have a CIO. You Need a Chief Information Security Officer.

It's past time for all major companies – certainly in the Fortune 500, but the advice carries on down into even medium-sized organizations – to carve out a C-level role focusing solely on security.

It's Not Enough to Have a CIO. You Need a Chief Information Security Officer.

Information security isn't just a luxury in this day and age. It's a necessity. For the longest time (and even today in some companies), security was (and is) within the purview of the CIO, a bullet point on a long list of pre-existing responsibilities and job requirements to look after.

Ignore security long enough, though, or neglect to pay it the attention it deserves, and the bad guys will pay attention to it for you: Witness what happened at Target and, more recently, at Home Depot. These incidents were very serious security breaches that let attackers gain access to sensitive payment data over a long period of time – a few weeks in the case of Target and a few months in the case of Home Depot. Consider that. Bad guys infiltrated the most sensitive of systems at a company for months, and only external entities (the banks) convinced Home Depot to look at their systems with enough of a fine-toothed comb to actually discover the breach and begin remedying it.

Read Full Article

Information security isn't just a luxury in this day and age. It's a necessity. For the longest time (and even today in some companies), security was (and is) within the purview of the CIO, a bullet point on a long list of pre-existing responsibilities and job requirements to look after.

Ignore security long enough, though, or neglect to pay it the attention it deserves, and the bad guys will pay attention to it for you: Witness what happened at Target and, more recently, at Home Depot. These incidents were very serious security breaches that let attackers gain access to sensitive payment data over a long period of time – a few weeks in the case of Target and a few months in the case of Home Depot. Consider that. Bad guys infiltrated the most sensitive of systems at a company for months, and only external entities (the banks) convinced Home Depot to look at their systems with enough of a fine-toothed comb to actually discover the breach and begin remedying it.

Read Full Article

It's Not Enough to Have a CIO. You Need a Chief Information Security Officer.