This article can also be found in the Premium Editorial Download "Information Security magazine: How to be successful with your security steering committee."
Download it now to read this article plus other related content.
SHAWN PARTRIDGE CONTINUALLY nudges his staff and his superiors at Rockford Construction in Grand Rapids,Mich., to view information security-and IT in general-as a means to bring about positive changes for an industry beset by economic woes.
"Until I came here, IT was a support mechanism," says Partridge, whose company has no CIO. "It was seen as a cost center only."
Since Partridge, vice president of IT, implemented Web portals to make site management easier, employees "used to running projects with a walkietalkie and a pad of paper" are not only embracing the new technology but are helping him evangelize the importance of good security habits. "We implement different levels of access" for foremen, customers, and others with a stake in a project, Partridge says.
As threats to corporate data grow, putting organizations' reputation and revenue on the line, many CIOs and IT executives view information security with appropriate urgency. They're working to elevate security in the enterprise by expanding their roles and responsibilities, teaming up with CISOs or by occupying dual roles-leading both IT and information security efforts.
For its part, the American Red Cross initially created and filled its CISO spot about six years ago, says Mark Weischedel, CIO at the Washington, D.C.-based emergency response organization. Since then, the CISO's responsibilities have changed substantially.
"In the beginning it was all about policy and strategy," says Weischedel,
He adds that a steady stream of attacks has elevated information security's importance across the organization. "They are an everyday occurrence, but unless you are immersed [in information security], you won't understand the risk enough to develop an effective level of controls" with which to respond to them, he says.
Suzanne Hall, named to the CISO post in October, says that the placement of the CISO and CIO within the Red Cross' hierarchy weighed heavily in her decision to accept the job. She reports to Weischedel.
"Mark and I had conversations about this during the recruitment process," says Hall, who most recently served as CIO at Lerner Enterprises, a real estate development company based in Rockville, Md., that also owns the Washington Nationals baseball team.
"I felt very confident that there was a strong synergy between the CISO and the CIO here, and I know that the CIO has a seat at the table with the CEO."
This was first published in January 2009