Tip

Why a CIO's relationship with enterprise IT security is important

In most of my security assessment projects, I work with CIOs in varying capacities. These CIOs will often be the project sponsors, but they mostly serve as the liaison to executive management.

Interestingly enough, I see a lot of CIOs who are mostly disconnected from the enterprise IT security assessment process. I'll even go so far as to say that a certain number of CIOs see security as a threat to their careers.


But according to recent studies, security is a growing concern for CIOs. Looking at the 2013 TechTarget annual IT Priorities Survey, 56% of respondents said data protection was their top priority. CIO magazine's 2013 State of the CIO Survey had similar findings. It found 70% of IT executives believed increasing threats around enterprise security will have an adverse impact on their organizations. And for this year, respondents to the National Association of State Chief Information Officers State CIO Priorities survey for 2014 said security was their top concern.

These survey results suggest that I'm seeing and hearing two different things. On one hand, there appears to be an arm's-length relationship between CIOs and security. But at the same time, studies show that security is front and center on the minds of many CIOs.

Based on my observations, there's little correlation between enterprise IT security and the size of the business or the industry in which it operates. But one thing is for sure: It doesn't matter if you're a CIO or you work for one and are partly responsible for minimizing information breach risks. If enterprise IT security is to be effective for the long haul, the CIO has to be "all in" on what's going on with security.

To paraphrase Pat Riley, basketball coach and team owner, you're either in or you're out when it comes to commitment, because life in-between doesn't exist. This is especially true for what's happening with security assessments. These security assessments are the gauge -- the true indicator -- of where things actually stand regarding information breach risk.

Although some say life is good for CIOs, I still don't envy them. The CIO role is one that involves politics, numbers and maintaining a balance between management and workers to keep as many people as possible happy. It's also about corralling and keeping hard-headed IT professionals like me focused on the issues that matter. It may not be obvious to others outside of IT, but one thing is certain: The role of the CIO and the success of enterprise IT security are core elements that will make or break any organization.

Security is obviously a business issue that needs to be addressed at the highest levels. It doesn't matter which side of the equation you're on. Do what it takes to ensure CIOs and their team members have the resources they need to minimize the risk of information breaches. If that doesn't happen, the harsh realities will eventually surface.

About the author:
Kevin Beaver has worked for himself for more than 11 years as an information security consultant, expert witness and professional speaker with Atlanta-based Principle Logic LLC. He specializes in performing independent security assessments revolving around information risk management and is the author and co-author of many books, including The Practical Guide to HIPAA Privacy and Security Compliance and Hacking for Dummies.

This was first published in January 2014
