Home > Information Security Magazine > Features > CISOs, human resources cooperation vital to security
EMAIL THIS
Information Security Magazine

  CURRENT ISSUE  
  FEATURES  
  COLUMNS  
  HOT PICK & PRODUCT REVIEWS  
  ARCHIVES  
  SUBSCRIBE/RENEW  
  

CISOs, human resources cooperation vital to security
by Marcia Savage
Issue: Jan 2009
printer-friendly
< PREV PAGE   |   1  |   2  |   3  |   4  |   5  |   6  |   NEXT PAGE  >

SECURITY BY COMMITTEE
Money Management International, a Houstonbased nonprofit credit counseling agency, has a committee that meets quarterly—sometimes more often—to discuss information security issues.

Nearly every part of the business is involved in the committee, from the C-level to operations, which includes HR. Topics range from possible security breaches and awareness training to document retention and disposal.

Everyone in the organization, which has about 1,200 employees in more than 120 locations in 23 states, takes a proactive stance when it comes to security, says Thomas Anderson, national director of human resources at MMI.

"It's very important as far as our corporate mission, which is improving lives through financial education," he says. "Clients need to have comfort that their information is going to be properly safeguarded."

Anderson also is a member of the Society for Human Resource Management's Employee Health, Safety & Security Special Expertise Panel, which tackles topics such as risk management, workplace violence, theft and fraud protection, workplace monitoring of email and Internet use, and background investigations. Other members include Orozco an...



d Miller.

Many companies have formed councils that include HR and security leaders along with other business managers, says Howard Schmidt, former White House cybersecurity adviser and president of the Information Security Forum, a nonprofit association of 300 international organizations.

These groups go by various names, such as security and privacy council or business risk council, but the general goal is to ensure technical policies are fair and consistent with HR requirements, he says.

Still, a lot of enterprises have a long way to go in bringing HR and information security teams together, says SCIPP's Schwartau. He works with many organizations in the finance and government sectors and has seen HR and security often disjointed.

"You're dealing with technical things that tend to be fairly black and white," he says. "And you're dealing with the human issues that are anything but black and white; they're fully gray and subject to interpretation."

But for Orozco, the divide isn't so difficult. "You just have to understand what their concerns are. As an HR person,my concerns have to be the same," she says. "Our jobs are to protect the company. That's what they're doing and that's what I'm doing."
< PREV PAGE   |   1  |   2  |   3  |   4  |   5  |   6  |   NEXT PAGE  >





TechTarget Security Media
Information Security View this month\\'s issue and subscribe today.
Information Security Decisions Apply online for free conference admission.
SearchSecurity.com
HomeNewsMagazineMultimediaWhite PapersLearningAdviceTopicsEventsAbout Us
SEARCH :     Site Index Powered by: Search Powered by Google

About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Site Map




All Rights Reserved, Copyright 2003 - 2009, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts