Chapter 3. Executive Support

Senior managers and CIOs can no longer sit back and assume that computer security is being adequately addressed by someone within their company. Senior managers need to assume an active role in addressing the security on their systems and organizations, and provide a logical way to address the problems.

Mike Hager, VP Security, Oppenheimer Funds

Six months ago, you finally made the grade and advanced to Chief Information Officer (CIO) of a major corporation. As a good CIO, you stress the importance of security over and over again to your senior managers. In fact, you make it known in no uncertain terms that your network must be secure. Period. Done. No questions asked.

Imagine your surprise one Monday morning when you open the Mercury News and find your company in the headlines, and not for its surprising quarterly results. The story details a hacker's attack on your company's network. The hacker stole proprietary information and posted it to the Internet for the world to see. It's front-page news; you wonder whether you will be on CNN today. You also wonder what this will do to the stock price. What will the shareholders say?

As the week goes on, your support staff tries to get things under control. Unfortunately, there are so many security risks on your network that the task seems almost insurmountable. The hacker underground apparently knows that and seems to be using your network for target practice. The attacks persist, not once or twice, but over and over again.

How did this happen? You told your senior staff that security was a major concern and you expected security to be a priority. Didn't they hear you? How could they allow electronic intruders to steal company secrets? Even worse, the continued attacks are trashing your company's reputation, a reputation you worked endlessly to achieve. As CIO, your reputation isn't faring very well either. It's your network, so the spotlight is on you.

Seem impossible? Unlikely? This scenario may be fabricated, but the situation is real and often faced by new CIOs. Aspiring officers rarely have full knowledge of the network's configuration and status. Before accepting the post, few candidates ask whether the network recently underwent (and passed) a security audit. Even fewer receive an executive-level summary showing the level of risk or really have a good feel for what security is like in the trenches.

In large companies, layers of management often separate the line-level managers from executives. As a result, communication suffers. Information from the top down can fail to arrive. Likewise, communications from the bottom up can easily be misdirected or modified.

Obviously, no executive, manager, or supervisor ever really thinks that their network will be the hacking zone featured on next week's edition of 60 Minutes or Hard Copy. But unless you know what's really happening in the trenches, your company may be at risk. Make sure the executives in your company aren't dictating from above with their heads in the clouds. Keeping the lines of communication open to the top is one of the most important steps in making sure your network is secure. Just consider…



IT Security: Risking the Corporation
ISBN: 013101112X
Year: 2003
Pages: 73
