Network World

Are security pros worrying about the right stuff?

Worms are scary, but experts say personnel issues should get more attention
By Ellen Messmer, Network World, 05/28/2007

This is the first in a series of stories that will be addressed at the Security Standard event scheduled for Sept. 10-11 in Chicago.

“As a rule, men worry more about what they can’t see than what they can.”
Julius Caesar

“Security decisions are almost never made for security reasons”
Bruce Schneier

Worrying almost seems to define the job of the CSO and CISO. The security chief is the corporate standard bearer for risk management in a world fraught with technical and human error, with hackers potentially lurking within and without.



When asked what they worry about, CSOs and CISOs cite regulatory compliance and security controls overlooked in IT projects. Some acknowledge a general angst that simply boils down to the great unknown of system-wide chaos.

But are security pros worrying about the right things? When asked this, many independent observers — former CSOs or consultants working with CSOs — offer a different perspective. They think security pros need to worry more about retaining the best staff and should be careful not to become too consumed with regulatory compliance.

What has security pros worried?

Michael Barrett, CISO at eBay money-transfer service PayPal, says there is always an undercurrent of panic in the event that something blows up. “Most data centers are held together by sheer heroic effort,” he says.

When Microsoft discloses software vulnerabilities, as it typically does every first Tuesday of the month, “We’re scurrying about to get patched, and I worry: What will the bad guys do before we patch everything?” Barrett notes.

Because PayPal is a global company, Barrett says he worries whether the company has the right interpretation on legislation and regulation related to data privacy around the world and the right controls in place.

His long-range concerns have him asking questions such as: In terms of stopping criminals and attackers, do we have the right investment mix and the right set of projects? Are new threats coming up that we need to re-balance that portfolio?

On occasion, Barrett’s concern is like an existential philosophy for preempting potential catastrophes. “What are we going to be worried about if we don’t worry about it?” he notes.
