Three CSOs Offer Security Views from Around the World

CSOs at big companies overseas share a global approach

September 30, 2004 — CSO — Whether the view is from Europe or Australia, CSOs look at their roles as part of a global effort to manage risks and protect assets. The three CSOs we consulted via e-mailfrom Australia, Finland and Italyeach noted that the profile of the security function in their organizations is rising, and that they consider in-house threats more dangerous than external ones. Each is also less inclined to support government authorities who seek to regulate security matters, but they'd like to see more information sharing between law enforcement and corporations. Here's more of what each had to say.

John Geurts

Executive General Manager for Group Security, Commonwealth Bank of Australia

At Sydney-based Commonwealth Bank, John Geurts, executive general manager for group security, says it's important for his bankat $284.4 billion in assets, one of Australia's largestto keep up with best practices at global leaders.

"We recently conducted a review of our practices against several leading financial services companies in the United States and the United Kingdom," Geurts writes. "It was pleasing to see that our structure and practice had much in common with leading thinking, and that security management is maturing in light of the threat and technological environment we are faced with."

Geurts says his role encompasses all aspects of securityincluding fraud, physical security, information security and crisis management, as well as emerging threats. "I am most likely to be concerned about ensuring the enterprisewide coverage of those issues that do not neatly fit into any of the above disciplinesfor example, the relationship between IT security and fraud," he writes.

And that relationship between infor-mation security and fraudwhat he calls "transnational e-crime and its impact on our customers"is his most pressing concern, after ensuring the safety of Commonwealth's staff and customers.

As for government regulation of security, Geurts advocates a hands-off, yet collaborative approach. He says government "should permit greater collaboration in sharing threat information with business. They should not seek to regulate on matters they do not fully understand in a free market."

Urho Ilmonen

CSO, Nokia, Finland

Urho Ilmonen, CSO of Nokia in Espoo, Finland, sounds like a spokesman for his industry colleagues when he says that information security is top-of-mind for high-tech companies worldwide.

"The current strained commercial situation and the rapid development of new competitors has fostered a market for technical and financial information, often sought after by investigation and information-gathering organizations of all shapes and kinds," he writes.

Information technology has another impact on Nokia, the $36.2 billion maker of mobile phones and other communications: It's made Ilmonen resigned to the idea that outsourcing is here to stay. This adds a challenge for CSOs, he says, because while the scope of activities has not grown, the volume has: "As we regard the outsourcing companies as members of the extended enterprise, we need to treat them securitywise in the same way [as our company], ensuring the same good level in security at their premises and operations that we provide in-house."