Skip Links

Network World

  • Social Web 
  • Email 
  • Close

Good policy makes for good security

Inergy Automotive shares strategies for creating policies that apply across the globe
By Paul Desmond , Network World , 09/10/2007
  • Share/Email
  • Comment
  • Print

Almost everyone agrees that proper security stems as much from good policy as it does from technology, but you don’t hear much about how to create great policies. Arun DeSouza is responsible for policy and a whole lot more at Inergy Automotive Systems, a manufacturer of plastic fuel systems that sells to automakers around the world. With some 4,500 employees in 18 countries, it’s not possible to create policy by consensus. DeSouza explains the strategy he used to shape Inergy’s security policies and shares his view on how proper identity management can make security a business enabler rather than a burden.

What is your role within the Inergy organization?

I head a global group called Strategic Planning and Information Security, which is a division of Information Systems and Services, what we call IS&S. I report to Inergy CIO Francois Fromange, with a dual role: I manage IS&S governance initiatives, such as Budget and Risk Management. I also serve as Inergy’s CISO.

Why did Inergy combine the strategic planning role with security?

The central themes interconnecting these areas are governance and process. Strategy, of course, is an ongoing process, and it helps promote alignment between IS&S and the organization to ensure IS&S is addressing current and future needs. But as we engage in new technology projects to enable the business, the impact of security should not be forgotten. Another key consideration is prioritizing new investments and managing the IT project portfolio.

What do you mean by governance?

Governance is the process and discipline to make sure that enterprise objectives are aligned in a proper discipline framework. There are several different angles, including accounting and financial controls. Then there’s governance centered on portfolio management: making sure projects come in under budget, deliver the value they promised and align with enterprise objectives. There’s also a compliance tier to it. Governance is actually a catch-all role for the idea of important business management disciplines. It’s not just IT, it’s really a business function. I focus on governance for IT, but governance can be extended to the whole business itself.

Who was involved in shaping security policies at Inergy?

We had a cross-functional team involving human resources and IS&S, as well as the legal department. The team had a variety of representatives, but the objective was to come up with a core set of policies based on industry best practices and [International Standards Organization] guidelines.

  • Share/Email
  • Comment
  • Print
Partner Content

Brilliantly simple security and control solutions for email, web and endpoint

www.sophos.com

Stopping data leakage

Learn how to exploit your current security investment to control the information that flows into, through and out of your network.

Download the white paper.

Why detection rates aren't enough

Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask prospective vendors to get the right endpoint solution.

Download the white paper.

Applications: taking back control

Employees installing unauthorized applications is a growing threat to business security and productivity. Cost-effectively reduce this threat by integrating control into your malware protection.

Learn more today.

Comment
Login
Forgot your account info?
Add comment
Anonymous comments subject to approval. Register here for member benefits.
Have a NetworkWorld account? Log in here. Register now for a free account.

Videos

rssRss Feed
Get instant email notification when white papers, webcasts, executive guides are added to our library. Stay informed and up-to-date with the latest on IT Technologies with Network World's Resource Alerts.
Network World,to go. Wherever you are. Breaking news delivered to your mobile device. Select the hottest topics in networking and start receiving Network World on your mobile device today.