Three CSOs Offer Security Views from Around the World

CSOs at big companies overseas share a global approach

By Kathleen Carr

Page 2

As for government regulations, it's hands-off. "I do not believe in regulating security," writes Ilmonen. "Security is a mind-set and a way of operating, and no amount of regulation will improve the state of corporate security unless we do our part in the private sector. I would like to see a truly open exchange of information between the authorities in any country we operate in and our respective departments. Security clearances [now] hamper the progress."

According to Ilmonen, the CSO needs to show he can enable his organization to operate with fewer risks and assets lost. Success in this regard means "there will be lots of esteem" bestowed upon the CSO. If the added value remains theoretical, other executives will not appreciate the service.

Riccardo Cerretelli

Head of Global IT Security,Eli Lilly, Italy

From his infosec office at drug maker Eli Lilly in Florence, Italy, Riccardo Cerretelli, head of global IT security, sees

his job as acting locally and thinking globally. "IT security projects and services are globally managed. There are no differences between our approach and the approach of our U.S. colleagues," Cerretelli says of the $12.6 billion Eli Lilly, which is based in Indianapolis.

This CISO's priority is developing a strategy to deploy software security patches. The time between the report of a security vulnerability to the exploit release is shrinking. In this state, he says, formulating an approach that worksespecially when taking mobile users into accountis a real challenge.

Outsourcing can help in this regard by freeing up resources to handle big challenges, Cerretelli says. He says that by outsourcing the day-to-day activitiesfor example, antivirus monitoring activityEli Lilly is able to free up its resources, and then use those folks for projects or architecture strategy activities.

Cerretelli doesn't speak in favor of government regulation, but he would like to see the Italian government play a leading role in incident response activities and IT security education programs.

-Kathleen Carr

Read more about data protection in CSOonline's Data Protection section.