The fast-changing technology world is impacting everything in our business and personal lives, and while security is a late bloomer, it is not immune to change. The big three, 9/11, Katrina and Sarbanes-Oxley, created a new world of terror, resilience and compliance, and turned security into a big dollar business, which drove innovation and is now changing the game by “IZING” the market.
Just today, a stranger came to my door claiming he was here to unclog a bathroom drain. I let him into my house without verifying his identity, and not only did he repair the drain, he also took off his shoes so he wouldn’t track mud on my floors. When he was done, I gave him a piece of paper that asked my bank to give him some money. He accepted it without a second glance.
While the Security 500 may have CSOs, CISOs and CIOs leveraging state-of-the-art technology to prevent cybercrime, the real arms race is upon the Security 50,000 (small and medium businesses, or SMBs). And while the large organizations, if impacted, will have sway with their banks and be made whole, the SMBs are more likely to end up the victims of crime, often without recourse.
The 2011 Security 500 survey conducted last spring identified that only 19 percent of Security 500 CSOs manage cyber security at their organizations. By the November 2011 Security 500 conference, we had an overwhelming request among attendees for cyber security sessions.
During the past year I have had the wonderful opportunity to meet and interview the best and brightest CSOs. Each was asked what every CEO should understand about security. Their ideas, advice and wisdom are shared with you in this month’s column. What should your CEO know? Share it with us at firstname.lastname@example.org
Security leadership and value are being tied directly to business unit and organizational goals as the best measure of security’s contribution. So directly tied that business unit leaders are paying for risk management and security as a direct service versus an allocation. Further, these internal customers view security as a consultancy, and they routinely seek its advice to understand and manage risks, enabling them to reach their objectives. The transparency of this relationship allows the business unit to identify security’s value to achieving its goals, resulting in increased reliance on, use of and spending with security.
Witness, if you will, 50 years of security art and science collapsed into the post 9/11 decade. When the dot com era burst, many venture dollars were looking for a place to work. 9/11, sadly, happened and was followed by many changes, including the creation of DHS and the promises to “inspect every bag at airports,” which led to the venture capital and curious question: Inspect them with what? The need rose, the money poured in. Innovation followed.
During the many conversations we have during the Security 500 research survey and interview process, one trend we do not include in the findings is how busy you are keeping your heads above water. A consequence of being more than fully employed is that many readers tell me that staying current with new trends, technologies and best practices is a constant challenge.
“When I was growing up in New Jersey, going to the World Trade Center was a school trip,” I said to Lou Barani. “And it will be again,” he replied with enthusiasm and a smile as we walked through the 9/11 Museum, which is in the midst of construction and scheduled to open in 2012. Once it’s complete, expectations are for more than 1,500 visitors each hour.
During the recent federal government budget debates, the “peace dividend” of the 1990s was mentioned a few times. Does the U.S. get a “war dividend” in the risk/reward decision of business location and expansion?
Edward Snowden may have the reputation as the most infamous insider threat in recent history, but he’s not the only one who used his job and company resources to commit a crime. Learn why insider threat programs are necessary to allow the organization to prevent, detect, respond to and deter insider threats. Also in this issue: how security professionals can prevent workplace bullying, how mass notification is becoming part of the essential infrastructure of enterprises, and much more!