Managing Security Risk
These guardians of the gate have found ways to effectively lock down their companies against ever-increasing threats.
Computerworld - Like an army under attack, most companies today find themselves surrounded by a growing number of threats, vulnerabilities and regulatory challenges. But the most successful and secure organizations are finding that in a world of limitless technology choices, the leadership abilities of their CIOs and chief information security officers are what make the difference.
David Jordan knows what it's like to be a wartime security leader. For the past two years, the CISO for the Arlington County Government in Virginia has had to deal with the ballooning security needs of federal intelligence agencies, the Pentagon, Reagan Washington National Airport and 3,500 county employees.
"I started the way a lot of people start, and that is with no staff and no budget," says Jordan. Prior to the Sept. 11 terrorist attacks, the county's IT security department had "no plan, no program and no buy-in," he recalls. "So we're talking about being creative and having to teach the technology leadership and agency department heads a lot about security."
But Arlington County's fortunes have changed in the two years since Jordan became CISO. Most notably home to Arlington National Cemetery and the Pentagon, the county not only has a plan and a program, but Jordan also personally ensures that there's buy-in and, more important, an understanding of security needs up and down the chain of command.
"Every new employee in the county gets to meet me," says Jordan, adding that the nation's most densely populated jurisdiction but smallest county by land area doesn't have a full-time IT security staff. "I consider every employee a staff member," he says. As such, he empowers them to take ownership of security.
"I can handle securing the network, but if I can hook them in by teaching them how to lessen their pain when something happens, I can make cybersecurity an effective skill that's useful in their personal lives as well," he says.
Jordan's approach is also having an effect up the chain of command. "I have an agreement with the chief operating officer that if things look really ugly, I pull the pipe," he says. "I don't have to ask."
Command and Control
That's the same kind of balance that David Bauer, Merrill Lynch & Co.'s first vice president and chief information security and privacy officer, has to contend with. "Now the [security] leadership has to have both kinds of expertise," says Bauer, referring to the ability to both link regulatory requirements to IT actions and programs as well as command daily security efforts.
"In the



- Excel 2010 Cheat Sheet
- Register for this Computerworld Insider Cheat Sheet and gain access to hundreds of premium content articles, guides, product reviews and more.
- End to End Unified Fabric TCO Calculator
- This tool will help you demonstrate financial justification for a unified fabric networking solution.
- Overcome Top 7 Admin Challenges of Active Directory
- As Active Directory's role in the enterprise has drastically increased, so has the need to secure the data. Gain insight on creating repeatable,...
- Insiders Can Ruin Your Company. Take Action.
- Did you know that 80 percent of threats to an organization come from the inside? The threat from insiders is often overlooked in...
- Top Solutions and Tools to Prevent Devastating Malware
- Custom malware frequently goes undetected. According to Forrester Research, the best way to reduce risk of breach is to deploy file integrity monitoring...
- Streamline Compliance and Increase ROI
- Streamline, simplify, and automate compliance related activities; especially those that impact multiple business units. This white paper from NetIQ, outlines solutions that will... All Financial Services White Papers
- Banking on the Mainframe
- This presentation will look at banking application issues and provide examples on how banks and financial market clients are responding to these challenges.
- Optimizing Networks for the Cloud
- Join guest speaker, Rohit Mehra, IDC Director of Enterprise Communications Infrastructure, to explore current trends, discuss best practices for optimizing Data Center and...
- Apps QuickStart Series Part 2: Designing and Deploying SQL Server on VMware vSphere
- Download this webcast to learn about the design considerations for virtualizing SQL workloads, performance and scalability information and high-availability options, as well as...
- Apps QuickStart Series Part 1: Designing and Deploying Exchange 2010 on VMware vSphere
- Download this webcast to learn the virtual hardware design considerations for Exchange 2010, deployment using the building block approach, options for high-availability and...
- Customer Spotlight: How IPC The Hospitalist Company Implemented Oracle on VMware
- Have you been looking to hear about customer's experiences with the new VMware vCenter Site Recovery Manager product? View this webcast to learn... All Financial Services Webcasts