Home > Information Security Magazine > Features > CISOs, human resources cooperation vital to security
EMAIL THIS
Information Security Magazine

  CURRENT ISSUE  
  FEATURES  
  COLUMNS  
  HOT PICK & PRODUCT REVIEWS  
  ARCHIVES  
  SUBSCRIBE/RENEW  
  

CISOs, human resources cooperation vital to security
by Marcia Savage
Issue: Jan 2009
printer-friendly
< PREV PAGE   |   1  |   2  |   3  |   4  |   5  |   6  |   NEXT PAGE  >

Fifteen years ago, when human resources executive Anita Orozco needed to hire or fire an employee, involving IT probably wasn't on her to-do list. But the Internet boom and employees accessing corporate systems from virtually anywhere changed that.

"Now it's definitely more important, whether getting a new employee set up with access to systems and software, or getting someone turned off," says Orozo, director of HR at Sonneborn, a manufacturer of refined hydrocarbons. "The turning off has become especially important. Generally, we'll give as much notice as possible to the IT staff so they can do what they need to do to protect the company."

Like others in her field,Orozco finds it increasingly important to work regularly with technology managers to ensure corporate data is secure. In the information age, human resources professionals are teaming up with their counterparts in IT security to investigate potential Web or email policy violations by employees, develop security policies and procedures, and plan for disaster recovery.

Bringing human resources and security together isn't always easy, though. The two have sharply different perspectives and there...



can be some tension, says Khalid Kark, principal analyst at Forrester Research.

HR has its own set of policies and might view security as imposing IT policies that HR can't really implement; HR also has access to sensitive data, which security might want to limit, he says. It works best if a cooperative tone is set from the top, Kark says.

"Typically what happens in those organizations is the head of HR and the head of security have decided that they will work together," he says.

Winn Schwartau, founder of SCIPP International, a nonprofit provider of end user security awareness training, says the relationship between HR and security is "mission critical" but often can be overlooked. He encourages organizations to have the two departments work together in three areas: hiring of employees with access to proprietary information or control over large parts of the network; developing policy for employees who violate security rules; and making sure terminated workers cannot access corporate resources.

"We need to get HR as part of the process because security is about people," he says. "It's about their behavior, their intentions, proclivities, and tendencies."

< PREV PAGE   |   1  |   2  |   3  |   4  |   5  |   6  |   NEXT PAGE  >





TechTarget Security Media
Information Security View this month\\'s issue and subscribe today.
Information Security Decisions Apply online for free conference admission.
SearchSecurity.com
HomeNewsMagazineMultimediaWhite PapersLearningAdviceTopicsEventsAbout Us
SEARCH :     Site Index Powered by: Search Powered by Google

About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Site Map




All Rights Reserved, Copyright 2003 - 2009, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts