In Depth
How you fund a CSO
Genzyme's CFO-An exec who gets it; Finding security equilibrium; Are our harbors safe?; Better budgeting; What employees who travel need from a CSO; Protecting your company's intellectual property; A true story of employee termination
By CSO Contributor
But Charlie's case was a different matter entirely. Management saw him as a serious threat
We hired a group of consultants to audit the network, make sure that every computer was upgraded and properly patched, and then oversee the process of changing every employee's password. Then we told Charlie we wanted him to meet with the CIO of a company in Japan that we were thinking of acquiring and claimed we wanted Charlie's opinion of its network.
The minute Charlie's plane took off, the consultants swung into action. His account was locked, systems were upgraded, operating systems were reinstalled and firewall rules were revised to the highest level of security. Two days later Charlie called from Japan in a panic: He couldn't log in! We told him we were having problems and had brought in an outside consultant. He flipped.
That night we saw repeated log-in attempts from Japan using Charlie's account and others. None of them were successful. Then we saw some hack attempts. Fortunately, our external systems had been patched. Meanwhile, the consultants raced to patch the rest of the internal systems. Our friend in Japan called Charlie at his hotel to pretend he was sick
We called Charlie and told him the Japan deal was canceled, that he should come back home. (It was tempting to leave him in Japan, but we resisted.) We had a limousine meet him stateside and bring him to our headquarters. An off-duty police officer who occasionally worked for us escorted him to the HR office, where we formally terminated him.
Although the whole process cost us dearly in the checkbook, we ended up with a network that was considerably more secure than the one we started with. Ultimately, however, we didn't learn our lesson. The following month, our CIO hired a new security architect and proceeded to hand her the only keys to the kingdom.
-Simson Garfinkel
$firstKeyword
Security Directions: A Virtual Conference
Available On Demand Sept. 30 - Dec. 30
Join us for a virtual event with candid, expert information on top security challenges and issues - all from the comfort of your desktop.
Protecting PII: How to Work with IT to Manage Risk
Understand the critical nature of the test data privacy problem and get tips on how to work with IT to implement a test data privacy program.
- Upgrading to VMware vSphere with vWire
- Removing Barriers To Better Server Virtualization Efficiency
- Practical Approaches for Securing Web Applications across the Software Delivery Lifecycle
- Staying A Step Ahead of the Hackers: The Importance of Identifying Critical Web Application Vulnerabilities
- Managing A Growing Threat: An Executive's Guide to Web Application Security
- The Forrester Wave™: Web Filtering, Q2 2009
Get instant notifications when whitepapers, webcasts and case studies are added
to our library. Sign up for a Resource Alert now!
CSO Corporate Partners
CSO Perspectives
-
April 5-7, 2010Hyatt Regency Santa ClaraClick here for more information!
Santa Clara, California
(ISC)2 members can earn up to 24 CPE Credits!
