Opinion
Charting Ethical Waters
Ethics-based security policies will prevent you from being submarined by privacy problems.
By David H. Holtzman
So far, there haven't been any big awards, but that day is coming soon. The financial rewards reaped by states from tobacco lawsuits have given them a taste for taking on media-ready consumer issues, such as the recent trend toward holding fast-food chains accountable for unhealthy and overweight clientele.
Security officers should be privacy champions because it makes their job easier. CSOs are to security and privacy issues what CFOs are to financial audits. The security department provides insurance to protect the bottom line by anticipating and averting disruptions to the business; the better the expertise at foretelling, the cheaper the price of forestalling.
Creating a privacy-conscious culture that encourages ethical considerations and discourages dubious database dealings is not only an excellent precaution; it also helps prevent customer problems from escalating into front-page news stories. Crafting a tough security plan to match that culture will make it difficult for employees to act outside those approved guidelines and will preserve management's options. It's always easier to make one-time exceptions to a tough policy than it is to shoehorn a rigorous security process into a cowboy culture in response to a security catastrophe.
Treating sensitive corporate information as a valuable resource is good management. Building a security environment based on ethical principles that employees can understand and implement is great management. Smart executives want smooth sailing, especially when they're in uncharted waters.
CSO



