The function of information security is splitting into two, with security technology implementation moving back into the IT department and the administration of information security becoming a management issue.
So says Eddie Zeitler, executive director of ISC2, an organization that issues the Certified Information Systems Security Professional (CISSP) certification as well as a number of other security-related certifications. Zeitler gave the opening address at ISC2’s 2007 SecureAmericas conference being held near Washington, D.C., this week. During his talk he cited data from an ISF/ISC2 joint study, an ISC2/IDC joint study, and observations made by the SANS Institute.
With this splintering, the role of the CISO – which he defines as the manager of information security – is changing.
“You need a solid grounding in technology to be a CISO … but to be an effective CISO, management skills now trump technology skills,” says Zeitler. “The role of the first-line security manager is moving back into IT … which is where it should be. But the oversight, policy making, [establishing] corporate programs, that’s moved more into management.”
Along with the new emphasis, however, comes a shift in accountability for IT security out of the IT department and up the corporate ladder to the CISO and even the CEO, he says.
Zeitler, who held a number of executive security positions at organizations including Charles Schwab before joining ISC2 last year, said CISOs who recognize that technology is the enabler of security, but not the solution, will prosper as the CISO’s management skills become more important than technical chops.
Comments (4)
By Anonymous on June 11, 2007, 11:36 am: I'd rather have a rocket scientist with a science background than a rocket scientist with a business background.
By Anonymous on May 23, 2007, 12:58 pm: No, the previous comment is probably from a person who witnessed the CIO position evolve from one that was usually filled by the techie with the best people skills...
By Anonymous on May 23, 2007, 10:37 am: Looks like the previous commenter is a defensive techie apparently lacking in the "people skills" (his quotes, not mine). Anyone who doesn't think that planning,...
The CISO's hatred of techies
By Anonymous on May 23, 2007, 8:11 am: Sounds like a bunch of MBA types with "people skills" have found another role, that was traditionally reserved for people with technical aptitude, to latch on to....