Opinion
Information Sharing: Connecting Dots
As publisher of CSO I have the great honor of meeting a great many very smart people. This is a good thing because it certainly helps compensate for my gaps in knowledge.
By Bob Bragdon, Publisher, CSO
June 06, 2008 — As publisher of CSO I have the great honor of meeting a great many very smart people. This is a good thing because it certainly helps compensate for my gaps in knowledge. The month of March this year was an exceptional one in particular.
During March I had the good fortune to spend some time at one of our annual events, the 2008 CSO Perspectives conference, and was again amazed by the depth of knowledge, experience and insight that is displayed by those in the security profession. This year's conference was themed "Becoming the Complete CSO." From those of you who attended and whom I had a chance to speak with, there was universal praise. Not just for the content and speakers (which were great) but also for the recognition that CSOs are rising to ever-greater heights within their organizations and that sometimes, at those elevations, an individual's focus must shift from tactical to strategic.
The week prior to CSO Perspectives I was at my good friend Robert Rodriguez's IT Security Entrepreneurs' Forum (ITSEF) at Stanford University. Funded by the Department of Homeland Security and the Kauffman Foundation, the ITSEF focuses on bringing together early-stage security businesses, the federal government and the venture capital community to make sure that important technologies that address critical security issues don't fall by the wayside before they can be fully commercialized. In this fast-growing but increasingly consolidating industry, the danger of critical-technology obscurity should be of concern to all security professionals. As with CSO Perspectives, this was another occasion for me to rub elbows with some very smart people in this business and to learn from them.
So what did I learn this month? First, that security is the responsibilityÂÂÂ of everybody—from the janitor to the CEO. Without a culture of security, an organization will always be vulnerable. Second, that security is not just about the technology. CSOs walk a fine line between security and business and must constantly strike a balance between the two. CSOs must understand the issues of both sides and act as a liaison between the folks from the business side and those from the security side—both are critical to selling the value of security. Finally, despite what you may hear, there are a lot of CSOs doing the first two very, very well. My advice to those CSOs who struggle with the balance of tactical and strategic responsibilities? To those who find it difficult to integrate security and business objectives? To those who struggle to sell the value of security in their organizations? Find your peers and learn from them.
information sharing
Security Directions: A Virtual Conference
Available On Demand Sept. 30 - Dec. 30
Join us for a virtual event with candid, expert information on top security challenges and issues - all from the comfort of your desktop.
Protecting PII: How to Work with IT to Manage Risk
Understand the critical nature of the test data privacy problem and get tips on how to work with IT to implement a test data privacy program.
- Practical Approaches for Securing Web Applications across the Software Delivery Lifecycle
- Managing A Growing Threat: An Executive's Guide to Web Application Security
- FISMA Prescriptive Guide
- The Tripwire HIPAA Solution: Meeting the Security Standards Set Forth in Section 164
- Beyond PCI Checklists: Securing Cardholder Data with Tripwire's Enhanced File Integrity Monitoring
- IDC White Paper: CCM for IT Compliance and Risk Management
Get instant notifications when whitepapers, webcasts and case studies are added
to our library. Sign up for a Resource Alert now!
CSO Corporate Partners
CSO Perspectives
-
April 5-7, 2010Hyatt Regency Santa ClaraClick here for more information!
Santa Clara, California
(ISC)2 members can earn up to 24 CPE Credits!
