[ISN] Make security a business issue

InfoSec News isn at c4i.org
Thu Mar 24 04:45:01 EST 2005


http://www.fcw.com/article88378-03-23-05-Web

By Florence Olsen
March 23, 2005 

Chief information security officers (CISOs) who learn to speak the
language of the executive suite can look forward to lifetime careers,
but those who know only "geek speak" will find themselves left behind.

That view held sway among the information technology security
officials gathered this week in Bethesda, Md., at the annual
conference of the Federal Information Systems Security Educators'
Association's (FISSEA).

To have an effective information security program, agencies need a
CISO "who can communicate well in business terms," said James Golden,
IT governance executive at the U.S. Postal Service. He added that a
CISO's position within an organizational chart is less important than
whether the person can communicate comfortably and effectively with
senior officials.

Under federal law, CISOs report to agencies' chief information
officers, which has meant that many federal CISOs have an IT
background, said Jane Norris, senior information security official at
the State Department.

But a trend now seen in business could influence how the federal
CISO's position evolves, Norris said, citing a Forrester Research
estimate that 75 percent of the largest companies will have a chief
risk officer by 2007.

Norris said other security experts believe that a legal background and
professional certification, in addition to IT experience, may become
prerequisites for chief security officials. The profession is changing
rapidly, she said, "so where we are going is open at this point."

FISSEA is a national group that promotes awareness, training and
education in IT systems security. Since November 2004, it has
conducted free security education and awareness workshops for more
than 100 federal employees and contractors.





More information about the ISN mailing list