"The business people - and even some in IT -
tend to see security staff as being in the business
of saying no - 'No, you cannot pursue this line of
business because it is too great a security risk,'" says
Crawford. Until management takes the view that
information security touches the business at every
level, clashes are likely to continue, he adds.
PUSHING SECURITY
In order to persuade others in the C-suite to give
appropriate weight to information security, savvy
CIOs frequently take pains to work closely with
employees outside of IT. Education is of paramount
importance in that effort, says Tim Johns, the CIO
and head of IT security at Georgia Urology.
"In the clinical environment, change is never a
good thing," says Johns. "A lot of folks have worked
here for a long time, so when you come in and say,
'You need to change your password,' they say, 'But
I like my password - it's my daughter's wedding
[date]!'" You have to sell them on the reasons why
they need to change their password. You tell them,
no, we're not being attacked, but I am trying to prevent
that from happening.
"I like to say that I have 28 bosses," he adds. Johns
reports to the CEO and the managing partner, to say
nothing of the two dozen-plus physicians with whom
he and his staff work every day. Although he says
GU's CEO thought Johns "went a little overboard"
when he expanded GU's security policy from three pages to 37, some explanations about the necessity
for HIPAA compliance and other regulations helped
the CEO understand precisely why Johns was implementing
a host of new procedures and rules.
And just as business people need to elevate security
considerations, security people need to prioritize
learning about their companies and the type of
security risks that could harm them, says the Red
Cross' Hall.
"Traditionally, CISOs have not had that business
focus," she says. "As a profession, CISOs must work
as a group to help build that skills set. It's a model
we must continue to develop."
Top 10 Priorities
Every year, the National Association of State Chief Information Officers (NASCIO) conducts a survey of state CIOs to identify their top policy and technology issues. Here are the results for 2009:
POLICY
1. Consolidation
2. Shared services
3. Budget and cost control
4. Security
5. Electronic records management/digital preservation/e-discovery
6. ERP strategy
7. Green IT
8. Transparency
9. Health information technology
10. Governance
TECHNOLOGY
1. Virtualization
2. Document/content/email management
3. Legacy application modernization and upgrade (ERP)
4. Networking, voice and data communications, unified communications
5. Web 2.0
6. Green IT technologies
7. Identity and access management
8. Geospatial analysis and geographic information systems
9. Business intelligence and analytics apps
10. Mobile workforce enablement
"Security has been a high priority and will continue to be. States are
relatively open environments simply because of the nature of their
business and it can be problematic."
--DOUG ROBINSON, NASCIO executive director