2003 Resolutions: Staking Out New Territory

Bruce H. Bonsall | CISO | MassMutual Financial Group

• I resolve to further instill in my organization the need to plan for security rather than consider it at the last minute. We’ve gotten much better at that in recent years but still have a little way to go.
• to treat security even more as the business process that it is and less as a series of technical implementations.
• to spend more time on planned activity and less on reacting to crises, or should I say, perceived crises.

Matthew Speare | Director of IT Risk Management | Ohio Savings Bank

• I resolve to update my privacy policies.
• to conduct comprehensive distributed systems disaster recovery tests.
• to find a practical use for public-key infrastructure.
• to find a way to encrypt all customer information.
• to increase the security awareness in my organization.
• to stop “power users” from being able to download and install shareware from the Internet.

Rick Ramsey | Director of IT Risk Management | Bank One Investment Management Group

• I resolve to improve security awareness throughout the organization.
• to centralize distributed security administration functions.
• to implement a shared authentication environment leveraging single sign-on capabilities.
• then, we can go after world hunger….

Micki Krause | CISO | Pacific Life Insurance

• I resolve to provide security education and training. Building an effective security awareness campaign doesn’t incur enormous expense, but the resultant increase in awareness significantly impacts the mitigation of risk. Security education, done correctly, makes everyone in the company a deputized part of the program.

James R. Wade | Senior VP and CISO | KeyCorp

• I resolve to improve response time for information security service requests.
• to continue to increase security awareness across the organization.

John A. McCarthy | Executive Director of the Critical Infrastructure Protection Project, National Center for Technology & Law | George Mason University School of Law

• I resolve to expand the role of cooperative cybersecurity arrangements such as those begun by The SANS Institute concerning industry standards setting for cybersecurity.
• to work to break down the barriers that exist for true information sharing among the critical infrastructure sectors (government, industry and academia).

Chris Price | Director of Corporate Security Svcs. | Hydro One Networks

• I resolve to continue to promote the most cost-effective and visionary approach to asset protection being the “security triangle” (people security, information security and physical security).
• to try to determine new and improved methods to measure and quantify the value of security in an attempt to avoid an event epitaph of “security is always excessive until there’s not enough.”