Blogs
C. J. Kelly's picture
C. J. Kelly

A Day in the Life of an Information Security Officer

More posts |

July 13, 2006 - 6:00 P.M.

Resignation at Ohio University

. What's this?

According to this CW story, the CIO at Ohio University has resigned stating, "...it has become clear to me that a new energy level and skill set is going to be required in order to allow our IT organization to realize its potential".  The handwriting was on the wall.  The exposure of the security breaches at Ohio U has left the University reeling under the impact.

What strikes me about this situation, and the thing that I think CIO's world wide need to understand, is that they are responsible for the bottom line of security.  The article goes on to say that the external security consulting house called in to perform a security assessment "...identified a siloed culture and a quasi-combative relationship between the university’s network and computer services groups as reasons for a relative lack of good security practices."  This is just all too common.

Remember when IT and Security were under the same roof, reporting up to the CIO?  Then, along came the likes of Sarbanes-Oxley, and things began to change.  It was no longer considered a good practice, from an audit point of view, for IT and Security to be in the same chain of command.  Many companies pulled Security out from under IT and shoved them under Finance or Audit.  Some companies formed a new department altogether and hired a CSO that reported to the CEO and the board, who was on equal footing with the CIO.

In all the jockeying for position, security has bounced around.  It is not surprising that a "siloed culture and a quasi-combative relationship" existed at the University.  This is common in many companies and it's all about power and politics.  The lessons to learn are:
1.  The Board and the CEO are responsible for security
2.  The Board and the CEO need to send a clear message to the CIO and CSO that they must play well together in the sandbox, or it's both their behinds on the line

If the Board ignores security, they will lose their financial investments, their reputations, their status, and maybe even their company or organization.  Information Security is just that important.

What is Tech Briefcase?
TechBriefcase is a new, free service where IT Professionals can Search, Store and Share IT white papers and content like this. Learn more
Bookmark content
Speed up your research efforts with content across the web.
Search and Store
Find the white papers you need. Create folders for any topic.
View Anywhere
Open your briefcase on your iPhone, tablet or desktop. Share with colleagues.
Don't have an account yet?

Related Posts

Hey! Eyes on YOUR OWN PAPER, please!
Apple is "ten years behind Microsoft" on security says security firm Kaspersky
How to stop mobile malware before game-over infections? Meet zDefender
TSA should stop banning items, stop 'unending nightmare' of USA air travel

Today's Top Stories

Essential browser tools for Web developers
Hands on: The new iPad
Microsoft cuts the prices of some Office 365 plans
Google works to overhaul its search
Mozilla will start Firefox silent updates in June
Preston Gralla: Big backlash is building against Windows 8. Will Microsoft listen?