• United States



sarah d_scalet
Senior Editor

How the Stars Aligned

Apr 15, 20051 min
CSO and CISOData and Information Security

1. Constellation was ripe for change, with a new CEO who had replaced most of the senior management team.

2. The company had a new focus on enterprise risk management, overseen by a chief risk officer who is concerned with operational as well as financial risks.

3. As a heavily regulated company, Constellation felt an acute need to establish segregation of duties between the management and control of IT systems.

4. Convergence didn’t begin as a “project.” It started happening naturally.

5. The CIO didn’t lose much staff or budget when she gave up control of IT security. The new information protection department operates like a consulting service to IT.

6. Both the physical security and IT security staffs perceived their status in the organization as being elevated.