The Red Cross has what Weischedel describes
as "well-established audit functions" among various
groups within the organization, each a check and
balance on the other. Among other positions, the
Red Cross has a chief of audit, a chief of investigations
and an ombudsman, any or all of whom may
touch issues related to information security.
Security is so deeply woven into the fabric of the
organization that "there is a natural partnership and
affinity between the things our CISO does and the
other parts of the Red Cross," he says.
Missed Opportunity
Organizations continue to put security on the back burner as they dive into virtualization.
The sluggish adoption of security controls in virtualized environments
illustrates how security remains an afterthought in many organizations,
says Scott Crawford, research director at Enterprise Management
Associates.
In an EMA survey of more than 600 enterprises worldwide, only 17
percent of respondents use detective controls to monitor hypervisor
security. Just 26 percent use controls to prevent potential or detected
hypervisor threats.
"IT has a once-in-a-generation opportunity to integrate security into
a new technology in its earliest stages of deployment, yet what this data
suggests is that IT, and the business, is missing the opportunity,"
Crawford says.
In the absence of significant numbers of proven threats, businesses
are still weighing the need to integrate security directly into virtualization
initiatives, he says. "Unfortunately, this means that even with new
and emerging technology, we may be back to business as usual for dealing
with threats after the fact, despite the security lessons so painfully
learned over the last decade."
--MARCIA SAVAGE
AN AFTERTHOUGHT
The Red Cross and other large, established organizations
have the breadth and the resources to
rearrange responsibilities as business demands and
the threat landscape shift. Unfortunately, plenty of
other organizations continue to view information
security as a technical afterthought. That bias is
reflected in how infosecurity managers' duties are
viewed by others within the organization.
In many cases, "we are still seeing IT focused on
the primary objectives of the business: delivering
services, maintaining network availability," says Scott
Crawford, research director of the security and risk-management
practice at Enterprise Management
Associates, an IT consulting firm in Boulder, Colo.
Security's role in addressing "risk management is
often an afterthought, which is discouraging," he says.
Crawford, former CISO at the Vienna-based
Comprehensive Nuclear Test Ban Treaty Organization,
says that rocky relationships between line-of-business
personnel and security managers continue
in many organizations.