You probably remember that I recently talked about a new kind of CSO, the Chief Sourcing Officer (go to "Chief Sourcing Officer: New Role, New Reality" to refresh your memory).
This article from the McKinsey Quarterly talks about the second kind of CSO: the Chief Security Officer. It starts with a big warning.
Attacks on corporate information systems by hackers, viruses, worms and the occasional disgruntled employee are increasing dramatically -- and costing companies a fortune. Last year, U.S. businesses reported 53,000 system break-ins -- a 150 percent increase over 2000. Indeed, the true number of security breaches is likely to have been much higher because concerns about negative publicity mean that almost two-thirds of all incidents actually go unreported.
What does this mean? A very simple thing. Security is no longer a technological problem calling for technological solutions. It is a business issue that needs to be addressed at the corporate level by a specific executive. And these CSOs have real power.
Besides having a broader perspective on information security than IT managers do, CSOs at best-practice companies have the clout to make operational changes; the CSO at the personal-banking unit of a large European bank, for example, has the authority to halt the launch of a new product, branch or system if it is thought to pose a security threat to the organization.
Only the CEO can overrule the CSO -- and rarely does.
Source: The McKinsey Quarterly, Special to CNET News.com, June 6, 2002