Premium Content

Access "Thinking Ahead"

Published: 24 Oct 2012

IT IS A SUBTLE YET NOTEWORTHY DISTINCTION that Gary Swindon's job title reads "corporate" information security officer, and not "chief." "As corporate ISO, I am responsible for security strategy, risk assessment, risk management and audit functions--things that are strategic in nature," says Swindon, who reports to the director of compliance and internal audit at Orlando Regional Healthcare, and not to the CIO. "If you're going to report to the CIO, then the job takes on the flavor of technical security rather than it being a business process." Meet the new CISO, not quite the same as the old CISO. This transition from operational security responsibilities to strategic ones resonates throughout the results of Information Security's 2006 Priorities Survey. Security organizations, driven by regulatory mandates, are segregating responsibilities and giving more attention to people and process issues. "In a nutshell, security is now about risk management," says Ron Woerner, information security manager for ConAgra Foods. "You cannot properly manage risk at the ... Access >>>

Access TechTarget
Premium Content for Free.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

What's Inside

Features

More Premium Content Accessible For Free