Security Management Strategies for the CIOAccess "Thinking Ahead"
This article is part of the December 2005 issue of Top forensics tools for tracking down cybercriminals
IT IS A SUBTLE YET NOTEWORTHY DISTINCTION that Gary Swindon's job title reads "corporate" information security officer, and not "chief." "As corporate ISO, I am responsible for security strategy, risk assessment, risk management and audit functions--things that are strategic in nature," says Swindon, who reports to the director of compliance and internal audit at Orlando Regional Healthcare, and not to the CIO. "If you're going to report to the CIO, then the job takes on the flavor of technical security rather than it being a business process." Meet the new CISO, not quite the same as the old CISO. This transition from operational security responsibilities to strategic ones resonates throughout the results of Information Security's 2006 Priorities Survey. Security organizations, driven by regulatory mandates, are segregating responsibilities and giving more attention to people and process issues. "In a nutshell, security is now about risk management," says Ron Woerner, information security manager for ConAgra Foods. "You cannot properly manage risk at the ... Access >>>
Access TechTarget
Premium Content for Free.
What's Inside
Features
-
-
Building A Perimeter Defense With Application-Level Firewalls
Learn how application level firewalls, when carefully deployed, can build perimeter defenses and prevent hackers from exploiting vulnerabilities, such as application code, to achieve attacks.
-
To Catch a Thief
Forensics tools aren't only used in high-profile cases.
-
On the Mend
Health care giant Novartis AG got a much-needed shot in the arm with a comprehensive risk assessment and revamped security management system.
-
Recent Releases: Security product briefs, December 2005
Learn about the security products released in December 2005.
-
Controlling the Uncontrollable
Organizations must leverage policy, and harness new protocols and technology to tame wild WLANs.
-
Thinking Ahead
Information Security's 2006 Priorities Survey signals a transition for security managers from an operational to a more strategic stance.
-
Building A Perimeter Defense With Application-Level Firewalls
-
-
Hot Pick: Citrix Systems' Citrix Access Essentials
Citrix Systems' Citrix Access Essentials
-
SSL VPN: Array Networks' Array SPX5000
A review of Array Networks' Array SPX5000
-
Configuration Management: Configuresoft's Enterprise Configuration Manager v4.7
Configuresoft's ECM v4.7
-
Application Security: Cenzic's Hailstorm v2.6
Cenzic's Hailstorm v2.6
-
Secure Reads: Mergers and Acquisitions Security
Read a review of the security book Mergers and Acquisitions Security.
-
Hot Pick: Citrix Systems' Citrix Access Essentials
-
Columns
-
On The Radar: Security technology can't solve process problems
Soul Searching
-
Perspectives: History teaches security lessons well
Expert Richard Bejtlich looks at the lessons learned in engineering disasters and applies them to information security.
-
Editor's Desk: Security for the corporate brand
Know Thy Business
-
Ping: Desiree Beck
Desiree Beck
-
On The Radar: Security technology can't solve process problems
More Premium Content Accessible For Free
Unlock new pathways to network security architecture
E-Zine
Network security architecture is showing its age at many organizations. With new technology, different data types, and use of multi-generations of ...
Emerging threat detection techniques and products
E-Handbook
Advanced persistent threat (APT) has been a used and abused term in the security industry, but security experts say targeted attacks are a growing ...
The rapid evolution of MDM solutions
E-Zine
Mobile device management (MDM) continues to grow at a feverish pace, both in terms of adoption and mobile security features. BYOD policies, and the ...