This presentation by Ken Tyminski, VP and CISO of Prudential Financial, was given at Information Security Decisions Spring 2005.
When the network is compromised or a worm sneaks through the AV screen, everyone looks to the security manager to find out what went wrong. Rather than having sole responsibility for security, others should be charged with security as well -- namely the business owners of the systems and data.
In this presentation, Ken Tyminski recounts his efforts to decentralize security in a company with 55,000 users. Get inside the walls of Prudential as Tyminski discusses his efforts to transfer the responsibility for security to the owners of business units, infrastructure and data. Besides security awareness training and stringent security policies, one of the most effective decentralizing methods Tyminski implemented was dismantling Prudential's SOC and making the network managers responsible for security. Hear firsthand how he did it and learn how to employ such practices within your own organization.
This was first published in May 2005