In Depth
Evolution of the CSO
From incident reaction to proactive risk assessment, the CSO role has evolved dramatically. Next stop: new services and business operations intelligence.
By Joan Goodchild, Senior Editor
"Now I'm trying to get out there and say, 'This is more than just technology'. Let's talk about what you are going to do with your personnel."
Another focus now is data classification. Cannon says she hopes her efforts will give security a seat at the executive table as she demonstrates the value that the department brings to future compliance and regulation efforts in the firm. Slowly, she says, she is pushing past that perception that security is merely a cost center, demonstrating its importance to the future mission of the company.
Just as social networking sites and other Web 2.0 applications have combined existing platforms to create a new way for users to communicate with each other, CSOs will need to combine knowledge of several aspects of business in order to effectively assess risk and communicate with executive management, according to Eric Domage, an information security analyst with IDC who focuses primarily on Western Europe. Domage recently spoke at a risk management conference about his vision of the duties for CSO 2.0.
Personal and communication skills are crucial for CSO 2.0 (a need that's been reflected in the "State of the CSO" survey results for years: Respondents in 2003 named communication as the most critical skill for success). While many security directors may have come into their roles with a primary focus on one security concentration with little focus or communication elsewhere in the organization, they will now be required to work with many others throughout.
Those who cannot, won't have a future, according to Tim Williams, director of global security at Caterpillar, the world's largest maker of construction and mining equipment, diesel and natural gas engines and industrial gas turbines. Williams likens the changing landscape to a game of musical chairs.
"The music has stopped and the people who are able to get the chairs today and in the future are the ones who really do have the business context and outlook."
Williams, a professional with decades of experience in security roles with companies such as Proctor & Gamble, Boise Cascade and Nortel, sat on the board of ASIS International, which first put together an official definition of a CSO five years ago. Today, Williams defines the role as one of enterprise security risk management.
"The CSO who has put together a cohesive strategy for the industry and the culture in which they work are probably the ones surviving this economic downturn," notes Williams. "They have the ability to explain what the security process is, link it to the business and show the value."
cso
Security Directions: A Virtual Conference
Available On Demand Sept. 30 - Dec. 30
Join us for a virtual event with candid, expert information on top security challenges and issues - all from the comfort of your desktop.
Protecting PII: How to Work with IT to Manage Risk
Understand the critical nature of the test data privacy problem and get tips on how to work with IT to implement a test data privacy program.
- Practical Approaches for Securing Web Applications across the Software Delivery Lifecycle
- Managing A Growing Threat: An Executive's Guide to Web Application Security
- FISMA Prescriptive Guide
- The Tripwire HIPAA Solution: Meeting the Security Standards Set Forth in Section 164
- Beyond PCI Checklists: Securing Cardholder Data with Tripwire's Enhanced File Integrity Monitoring
- IDC White Paper: CCM for IT Compliance and Risk Management
Get instant notifications when whitepapers, webcasts and case studies are added
to our library. Sign up for a Resource Alert now!
CSO Corporate Partners
CSO Perspectives
-
April 5-7, 2010Hyatt Regency Santa ClaraClick here for more information!
Santa Clara, California
(ISC)2 members can earn up to 24 CPE Credits!
