Security Management Strategies for the CIOAccess "Ping: Bruce Bonsall"
This article is part of the May 2005 issue of Keeping on top of risk management and data integrity essentials
Mass Mutual's Bruce Bonsall In the heavily regulated financial services world, security policy compliance is paramount. Bruce Bonsall, CISO of MassMutual Financial Group, explains how his organization ensures that every IT project properly addresses security and doesn't progress without his office's seal of approval. What do you do as CISO to get security baked into projects? We've instituted a governance process with IT projects similar to a building permit. During the concept and definition phase, the project team gets in touch with my security consultants to identify any security implications. It doesn't matter whether they're writing new code, buying technology or outsourcing a function to a third party; anything that involves the processing, transmission or storage of information goes through this process. We still need to broaden it to more areas in the company. It's growing from a security governance process to more of an IT process, then it will become a corporate governance issue. Where do CISOs invariably slip up with regard to policy compliance? I... Access >>>
Access TechTarget
Premium Content for Free.
What's Inside
Features
-
-
Desktop Security: GreenBorder Enterprise Security
GreenBorder Technologies' GreenBorder Enterprise Security Solution
-
Snapping on SNMPv3
The ubiquitous management protocol is more secure, but upgrading isn't simple.
-
Hot Pick: Polivec Compliance Management System 3.7
Polivec's Polivec Compliance Management System 3.7
-
Trust Us
It doesn't come easy when you federate identity management.
-
Security Appliance
SonicWALL's PRO 1260
-
Big Brother's Watchful Eye
Our survey finds that enterprises are spending big on management systems to meet regulatory requirements.
-
Desktop Security: GreenBorder Enterprise Security
-
-
Recent Releases: Security product briefs, May 2005
Read about the information security products released in May 2005.
-
Keeping the Data & Oil Flowing
When ChevronTexaco puts a drill in the ground, it must live with that decision for decades. Risk management and data integrity are essential.
-
Secure Reads: The Art of Computer Virus Research and Defense
Read a review of The Art of Computer Virus Research and Defense.
-
Instant Messaging: Akonix L7 Enterprise 4.0
Akonix Systems' Akonix L7 Enterprise 4.0
-
Access Management
Vernier Networks' EdgeWall 7000 series
-
Recent Releases: Security product briefs, May 2005
-
Columns
-
Layer 8: Debating policy vs. technology
Control Quagmire
-
Logoff: Let's not cheapen information security certifications
Dollars & Certs
-
Perspectives: Windows Server 2003 security stands up
One study concludes that Windows Server 2003 is more secure than Linux.
-
Ping: Bruce Bonsall
MassMutual's Bruce Bonsall
-
Editor's Desk: Targeted malware
Calculating Malware
-
Layer 8: Debating policy vs. technology
More Premium Content Accessible For Free
Unlock new pathways to network security architecture
E-Zine
Network security architecture is showing its age at many organizations. With new technology, different data types, and use of multi-generations of ...
Emerging threat detection techniques and products
E-Handbook
Advanced persistent threat (APT) has been a used and abused term in the security industry, but security experts say targeted attacks are a growing ...
The rapid evolution of MDM solutions
E-Zine
Mobile device management (MDM) continues to grow at a feverish pace, both in terms of adoption and mobile security features. BYOD policies, and the ...