Opinion
Convergence Is Over, Hooray
Action, not rhetoric; cooperation, not organizational charts
By Derek Slater
May 21, 2007 — CSO — "Ask me what I think about convergence," said George Campbell, on stage at our recent CSO Perspectives conference.
Campbell was on a panel of honorees of the 2007 CSO Compass Awards.
I obliged: "OK, George, what do you think about convergence?"
"I think itâ¬"s crap," said Campbell.
The audience laughed; I laughed. (Campbell did not laugh.) George Campbell isnâ¬"t one to mince words. On the other hand, his comment was surprising since he was also an early adopter of what might be termed a converged organizational model⬠he had responsibility for both corporate and information security as CSO of Fidelity Investments some years ago.
With a little digging, we found that what Campbell objects to isnâ¬"t the need for infosec and corporate security to work together. He objects to turf wars and to leaders who look at pieces of the risk management puzzle as potential career conquests.
In fact, I noticed a marked difference at the conference. In past years thereâ¬"s been a bit of tension or discomfort at the blending of two often-Âdistinct disciplines. But this time around, the concept of meshing security functions together was not just widely accepted, it seemed to have rapidly become a nonissue. Campbellâ¬"s onstage comment was about the extent of controversy or pushback on the concept that I heard during the two-plus days. Overall, people seem less hung up on the semantics and the organizational chart issues and turf wars and more interested in just reducing risk and enabling business in the most efficient and cooperative manner possible.
Want one security function with one CSO? Fine. Want infosec to report to the CIO? Groovy. Think a risk management committee better matches your business model or current personnel? Bully for you.
Like Campbell, CSO Perspectives attendees seemed to just want to get the job done without all the politicking. Thatâ¬"s a giant step forward for the profession.
⬠Derek Slater
Other stories by Derek Slater
$firstKeyword
Security Directions: A Virtual Conference
Available On Demand Sept. 30 - Dec. 30
Join us for a virtual event with candid, expert information on top security challenges and issues - all from the comfort of your desktop.
Protecting PII: How to Work with IT to Manage Risk
Understand the critical nature of the test data privacy problem and get tips on how to work with IT to implement a test data privacy program.
- 5 Ways to Reduce IT Audit Tax
- Practical Approaches for Securing Web Applications across the Software Delivery Lifecycle
- Managing A Growing Threat: An Executive's Guide to Web Application Security
- FISMA Prescriptive Guide
- The Tripwire HIPAA Solution: Meeting the Security Standards Set Forth in Section 164
- Beyond PCI Checklists: Securing Cardholder Data with Tripwire's Enhanced File Integrity Monitoring
Get instant notifications when whitepapers, webcasts and case studies are added
to our library. Sign up for a Resource Alert now!
CSO Corporate Partners
CSO Perspectives
-
April 5-7, 2010Hyatt Regency Santa ClaraClick here for more information!
Santa Clara, California
(ISC)2 members can earn up to 24 CPE Credits!
