February 01, 2006 — CSO —
Our anonymous author recounted what happened when a change in company leadership resulted in the blunt-force dismantling of his carefully architected, risk-based security program. Reasonable people can disagree over whether converged security governance is in all cases the right approach, but what happened in our columnist's company went well beyond a difference of opinion over organizational strategy. Instead, it was a form of rejectionism by a CEO who simply doesn't buy the idea that risk-based decision making creates opportunity, in a framework of rationality, and is an important strategic element of corporate leadership. Thus, a structure created to add value and quality to business performance was suddenly viewed, through different eyes, as a cost-cutting opportunity. Our author turned out the lights and skedaddled.
In running this magazine, we try to talk to the profession's leading lights.
We act as a virtual networking opportunity, where readers can look over the shoulders of enlightened peers and come away with ideas of potentially high value to try out in their own shops. But overexposure to leading lights carries with it the risk that we may come to believe that reality is far more evolved or advanced than is actually the case. And—son of a gun!—it seems possible, even likely, that there are way more myopic short-term thinkers running companies than we might ever have supposed.
And this reminds me anew that the need remains urgent for there to be a steady flow of executive education about security and risk. Until the day when it becomes literally unthinkable for a new CEO to propose the neutering of a well-crafted security model, the requirement to administer this unceasing curriculum will be part of the CSO's duties. A strong program of internal influence and awareness is therefore a CSO's best practice of untold value. And still there will always be pockets of backwardness in those who believe they can't afford to think beyond the next two quarters, making them able to comfortably strip away activities that appear to be cost-avoidance opportunities rather than precious business assets.
Because of his abundant talent, our anonymous author landed on his feet. But what did he leave behind? A more efficient and streamlined business?
Or one that is headed in a dangerous direction?
Let us know your thoughts.
Other stories by Lew McCreary
Data Center Directions Virtual Conference
Attend this free, 100% online event exploring tools and techniques for making your data center deliver for today and tomorrow.
The Surest Path to Effective and Efficient Compliance
In this webcast, we explore why and how — with best practices, practical tips and solutions that work — to ease your compliance challenge.
- Make Compliance Regulations an Ally Not an Enemy
- Protecting Sensitive and Confidential Information with Endpoint Security
- Endpoint Security: Compliance at the Endpoint
- Revolutionizing Endpoint Security with a Single Agent
- Data Protection: Challenges for the Traveling User
- View Gartner Video: Best Practices on Web Application Security
- Practical Role Management: Real-World Approaches to a Complex Problem
- The Disconnect Between Security and the Business
- Unlock the Power of Device ID to Combat Online Fraud and Abuse
- Network Security Services: Outsourcing considerations for maximizing network protection
- File Integrity Monitoring: Secure Your Virtual and Physical IT Environments
- Configuration Assessment: Choosing the Right Solution
Get instant notifications when whitepapers, webcasts and case studies are added
to our library. Sign up for a Resource Alert now!
CSO Corporate Partners
CSO Executive Seminar on Application Security
-
January 29, 2009New York, New YorkRegister now »
-
February 25, 2009San Francisco, CaliforniaRegister now »
(ISC)2 members can earn up to 6 CPE Credits
Reference priority code ONLINE and attend this program as our guest — that's a $295 savings!
