Managing Security Risk
These guardians of the gate have found ways to effectively lock down their companies against ever-increasing threats.
January 5, 2004 12:00 PM ETComputerworld -
Like an army under attack, most companies today find themselves surrounded by a growing number of threats, vulnerabilities and regulatory challenges. But the most successful and secure organizations are finding that in a world of limitless technology choices, the leadership abilities of their CIOs and chief information security officers are what make the difference.
David Jordan knows what it's like to be a wartime security leader. For the past two years, the CISO for the Arlington County Government in Virginia has had to deal with the ballooning security needs of federal intelligence agencies, the Pentagon, Reagan Washington National Airport and 3,500 county employees.
"I started the way a lot of people start, and that is with no staff and no budget," says Jordan. Prior to the Sept. 11 terrorist attacks, the county's IT security department had "no plan, no program and no buy-in," he recalls. "So we're talking about being creative and having to teach the technology leadership and agency department heads a lot about security."
But Arlington County's fortunes have changed in the two years since Jordan became CISO. Most notably home to Arlington National Cemetery and the Pentagon, the county not only has a plan and a program, but Jordan also personally ensures that there's buy-in and, more important, an understanding of security needs up and down the chain of command.
"Every new employee in the county gets to meet me," says Jordan, adding that the nation's most densely populated jurisdiction but smallest county by land area doesn't have a full-time IT security staff. "I consider every employee a staff member," he says. As such, he empowers them to take ownership of security.
"I can handle securing the network, but if I can hook them in by teaching them how to lessen their pain when something happens, I can make cybersecurity an effective skill that's useful in their personal lives as well," he says.
Jordan's approach is also having an effect up the chain of command. "I have an agreement with the chief operating officer that if things look really ugly, I pull the pipe," he says. "I don't have to ask."
Command and Control
That's the same kind of balance that David Bauer, Merrill Lynch & Co.'s first vice president and chief information security and privacy officer, has to contend with. "Now the [security] leadership has to have both kinds of expertise," says Bauer, referring to the ability to both link regulatory requirements to IT actions and programs as well as command daily security efforts.
"In the
Financial
Additional Resources



White Papers & Webcasts
Death to PST Files
Download Now
The Tangled Web: Silent Threats & Invisible Enemies
Download Now
Tape Killed the IT Guy
Watch Now
Forrester Consulting Mobility Study: Taking Control of Enterprise Mobile Device Diversity
Download Now
BRM: What You Can Do To Reduce Risk In Challenging Times
Watch this webcast now!
What IT Must Do to Support Employee-Owned BlackBerry, iPhone and Android Mobile Devices
Download Now
Web 2.0, Social Media and the Dark Web - A Web Criminals Paradise?
In this discussion, learn about the challenges of protecting your users from the potentially unsafe content hidden in the "Dark Web".
eGuide: Enterprise Security
Smart Security Strategies for 2010. Read now!
Disaster Recovery 2008: Reduced Costs and Improved Performance
How long can your Enterprise afford to be without your data? With an accelerated disaster recovery program, you never have to answer this...

