This article can also be found in the Premium Editorial Download "Information Security magazine: The power of SIMs for visibility and compliance."

Download it now to read this article plus other related content.

It's About Risk, Not Threats
Draconian permit-deny security programs are extinct in the enterprise because network perimeters have disappeared. Busi-nesses don't function without interaction and connectivity between partners, suppliers and customers, and security pros have to enable these relationships without hindering the bottom line. Horowitz is finding out that the secret to facilitating those relationships may lie in the pages of the Kaplan book.

"You have to partner with business units," Horowitz says. Wells Fargo, with 140,000 employees worldwide, centrally manages its IT back end, meaning from an operations perspective, security planning and architecture must also be done centrally. "That means you have to be business savvy and understand time-to-market ratios so that products are profitable, yet still address risk," he says.

Being business savvy means learning not only a new set of large-scale financial skills, having comprehensive regulatory knowledge and understanding legalese, but learning how to talk with business unit managers.

"You have to speak to business units on their terms, and those terms involve customers, customer experience, time to market, profitability and risk. Everything we do is around a risk-based methodology," Horowitz says. "And that's a change because security professionals deal in threats, not risk."

Horowitz, for one, seemed destined for an MBA. Coming out of college in Ohio, he started

    Requires Free Membership to View

with Wells Fargo's leadership development program, and after a year of management training, he was entrusted with starting a security remediation and policy compliance team. Horowitz has set a three-year timeline to earn his MBA.

"The CISO needs to be a coordinator and pull processes together and make sense of the regulatory environment," Horowitz says. "You also need to know what write-offs are; what can you depreciate and capitalize; what are incremental spends. It's not just, 'Do I have money,' but 'How do I fit into the moving target that is a budget of this magnitude.'"

This was first published in September 2006

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: