PRO+ Premium Content/Information Security magazine

Thank you for joining!
Access your Pro+ Content below.
March 2007

Ping: Mark Odiorne

Do not envy Mark Odiorne. As the CISO at Scottish Re, a reinsurance company with more than $12 billion in assets, Odiorne is the only full-time security practitioner on staff. In addition to fighting threats, he also has responsibility for much of the company's substantial compliance efforts. MARK ODIORNE Which compliance requirements take up most of your time? Sarbanes-Oxley is probably the biggest focus; Gramm-Leach-Bliley as well, because we're a financial services company. What we have found is because we used the ISO standard to build our security model, whether it's Gramm-Leach or Sarbanes or something else, we can pretty much track anything they're looking at to that model. When the company was young, we were constantly writing policies on the fly. So every year, when the auditors would come back in, we had a lot of new processes in place and they had some testing to do. That's also why we've made information security more of a priority and have more resources applied to it. What are the challenges you think will take up ...

Access this PRO+ Content for Free!

By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.

You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

Features in this issue

  • Product review: Six removable device control security products

    Six removable device control security products that provide centrally managed granular control over ports, interfaces and storage devices are reviewed. This review evaluates: DeviceLock 6.0 from SmartLine, Sanctuary Device Con-trol 4.0 from SecureWave, Endpoint Access Manager 3.0 from ControlGuard, Device-Wall 4.5 from Centennial Software, Safend Protector 3.1 from Safend and Protect Mobile from Workshare.

  • Prioritizing compliance and information security

    Have compliance demands refocused and weakened information security efforts?

Columns in this issue