PRO+ Premium Content/Information Security magazine

Thank you for joining!
Access your Pro+ Content below.
November 2007

Interview: CISO builds information security program from scratch

How do you build an enterprise information security program from scratch? Most CISOs never have to find out, but that was the reality facing Bob Maley in 2005 when he became the first CISO of the commonwealth of Pennsylvania. His work in the last two years has saved the commonwealth more than $27 million. Maley talks about the challenges of putting together a comprehensive strategy and architecture for 80,000 users on a limited budget. Bob Maley What was the environment like when you took the CISO job? I came into an environment that was very siloed. There was no program in place, aside from antivirus and patching. We have 47 agencies, and every one of them took a different view of security. They had policies that were four to five years old, so there were a lot of challenges. The agencies handled content filtering on their own and there was no assurance that it was being done. That's a problem on a network that sees 1 billion events a month. We had server builds that were different from agency to agency; no common desktop image...

Access this PRO+ Content for Free!

Features in this issue

Columns in this issue