PRO+ Premium Content/Information Security magazine

May 2005

Ping: Bruce Bonsall

Mass Mutual's Bruce Bonsall

In the heavily regulated financial services world, security policy compliance is paramount. Bruce Bonsall, CISO of MassMutual Financial Group, explains how his organization ensures that every IT project properly addresses security and doesn't progress without his office's seal of approval.

What do you do as CISO to get security baked into projects?

We've instituted a governance process with IT projects similar to a building permit. During the concept and definition phase, the project team gets in touch with my security consultants to identify any security implications. It doesn't matter whether they're writing new code, buying technology or outsourcing a function to a third party; anything that involves the processing, transmission or storage of information goes through this process. We still need to broaden it to more areas in the company. It's growing from a security governance process to more of an IT process, then it will become a corporate governance issue.

Where do CISOs invariably slip up with ...
