The evolving role of the CIO involves IT and security responsibilities


This article can also be found in the Premium Editorial Download "Information Security magazine: How to be successful with your security steering committee."


"The business people - and even some in IT - tend to see security staff as being in the business of saying no - 'No, you cannot pursue this line of business because it is too great a security risk,'" says Crawford. Until management takes the view that information security touches the business at every level, clashes are likely to continue, he adds.

In order to persuade others in the C-suite to give appropriate weight to information security, savvy CIOs frequently take pains to work closely with employees outside of IT. Education is of paramount importance in that effort, says Tim Johns, the CIO and head of IT security at Georgia Urology.

"In the clinical environment, change is never a good thing," says Johns. "A lot of folks have worked here for a long time, so when you come in and say, 'You need to change your password,' they say, 'But I like my password - it's my daughter's wedding [date]!' You have to sell them on the reasons why they need to change their password. You tell them, no, we're not being attacked, but I am trying to prevent that from happening."

"I like to say that I have 28 bosses," he adds. Johns reports to the CEO and the managing partner, to say nothing of the two dozen-plus physicians with whom he and his staff work every day. Although he says GU's CEO thought Johns "went a little overboard" when he expanded GU's security policy from three pages to 37, some explanations about the necessity for HIPAA compliance and other regulations helped the CEO understand precisely why Johns was implementing a host of new procedures and rules.

And just as business people need to elevate security considerations, security people need to prioritize learning about their companies and the type of security risks that could harm them, says the Red Cross' Hall.

"Traditionally, CISOs have not had that business focus," she says. "As a profession, CISOs must work as a group to help build that skills set. It's a model we must continue to develop."

Top 10 Priorities
Every year, the National Association of State Chief Information Officers (NASCIO) conducts a survey of state CIOs to identify their top policy and technology issues. Here are the results for 2009:

Policy issues
1. Consolidation
2. Shared services
3. Budget and cost control
4. Security
5. Electronic records management/digital preservation/e-discovery
6. ERP strategy
7. Green IT
8. Transparency
9. Health information technology
10. Governance

Technology issues
1. Virtualization
2. Document/content/email management
3. Legacy application modernization and upgrade (ERP)
4. Networking, voice and data communications, unified communications
5. Web 2.0
6. Green IT technologies
7. Identity and access management
8. Geospatial analysis and geographic information systems
9. Business intelligence and analytics apps
10. Mobile workforce enablement

"Security has been a high priority and will continue to be. States are relatively open environments simply because of the nature of their business and it can be problematic."
--DOUG ROBINSON, NASCIO executive director

This was first published in January 2009
