In Depth

Chaos in a Three-Ring Binder

By Sarah D. Scalet

July 01, 2003CSO — Bob Hayes is tackling chaos.

Chaos, in this case, resides in a set of three-ring binders that the former security director of Georgia-Pacific and former security operations manager for 3M has lugged around for months, and which he now plunks down on a table in a standard-issue conference room north of Atlanta. Inside the binders are hundreds of pages from dozens of legislative bodies, regulatory agencies and industry consortia around the world, all of which dictate what, since 9/11, companies should be doing to protect themselves against terrorismfrom monitoring factory ventilation systems to hardening computer networks to screening the staff who drive delivery trucks.

The papers are neatly punched, indexed and occasionally underlined with red pen. They are never dog-eared or crumpled. Hayes is far too fastidious for that.

Nevertheless, it's a futile attempt at organization. In fact, as I sit with Hayes at one of the Fortune 500 companies where he's been consulting since leaving Georgia-Pacific during a restructuring this past January, I get the sense that in his quest to conquer those reams of paper, he is losing.

"There's no way that you could be up on all this," says Hayes, 52, who has the sturdy but trim build of the Montana Army National Guard enlistee he once was and the Rolex watch and black sports jacket of the Southern businessman he now is. His neatly trimmed hair seems brown or gray depending on the light, just as his demeanor seems to oscillate between that of a confident scholar and that of a confused student, depending on the moment. He's a scholar in that he's spent months studying a wave of 9/11-inspired rules and guidelines that suggest, when pieced together, that security is well on its way to becoming a fully regulated industry. (This despite what the Bush administration would like you to believe: that market forces, more or less unaided, will compel right behavior.) He's a confused student in that the pages in his binders are teeming with legalese and potential contradictions that are far beyond the grasp of any one person. (After all, one mega law firm has put more than 50 attorneys from 17 disciplines in charge of trying to sort out what the new security rules mean for clients.)

"When you start putting this whole picture together of how complex and huge this security issue has become," Hayes says, winding himself up even as he tries not to rise off the seat of his chair, "it's not just computer security; it's not just physical security. It includes how you hire people, how you build your warehouses. That's the story we're trying to tell: the magnitude of what's coming down the road."

RESOURCE CENTER
Loading...
VIRTUAL CONFERENCE
Data Center Directions Virtual Conference

Data Center VCAttend this free, 100% online event exploring tools and techniques for making your data center deliver for today and tomorrow.

» Learn more and register here

WEBCAST
IT productivity challenges: Google survey results

GoogleIn this webcast, Google reveals results from a survey of message security and compliance priorities and concerns. Download a free copy of the survey report after registering.

» Watch the Webcast

Featured Sponsors
Sponsored Links

Secure your virtual and physical environments with the same software.

Can Google help you save time and money in your fight against spam?

An Executive Guide to Understanding Hosted Messaging Systems

ITCi White Paper: Challenges and Opportunities of PCI

The PCI Data Security Standard

Hardware-based security. That's IT as it should be.

A Guide to Providing Proactive Protection to Consumer Online Transactions

Webcast: Best practices in application security: How do you stack up?

White Paper: Use DAM technology when there is a need for granular monitoring.

This white paper presents document security strategies and best practices

IT Service Management: Metrics That Matter

White Paper: Learn more about how you can use compliance as a means of competitive differentiation.

Simple, Economical Server Virtualization For Any Size Company

Global Companies' Best Practices for Security and Compliance

Diebold: Frost & Sullivan Global Physical Security Systems Integrator of the Year

Tripwire PCI DSS Solutions: Automated, Continuous Compliance

Gene Kim's Practical Steps to Mitigate Virtualization Security Risks

Eliminate network threats and downtime with Juniper Networks. View demo

Configuration Audit and Control for Virtualized Environments

Webcast: learn results from an annual Google message security survey of 575 global IT professionals

This whitepaper describes how you can test your Web applications with virtualization

Read The Evolution of Application Security in Online Banking White Paper

White Paper: Learn how to use Adaptec(R) Snap Server(TM) with MOBOTIX IP Network Cameras

Compliance: Moving From Mandate to Differentiator White Paper