A Security Chief SpeaksBy Ericka Chickowski | Posted 2008-06-02 Email Print
The security risks IT managers worry about the most aren’t the same ones they spend their company’s money on. What’s going on? Baseline set out to get some answers.
A Security Chief Speaks
In order to get the most from a security budget, security managers need to do more than assess emerging threats and evaluate the latest technology to meet these threats. Security practitioners also need to know the business, so they can pinpoint how those threats directly relate to their organizations’ well-being, says Andre Gold, head of technology risk management at ING U.S. Financial Services.
“I think that’s an area where we as CISOs have trouble,” he says. “We sometimes look at where the industry is going and what the newer technology is going to be without focusing on where our own firms and our verticals are going. If we focus on our business, the technology will take care of itself, but if we let technology drive our strategy, then we always get into cyclical conversations about the return on investment, and we continually have to explain the value of the spending.”
Lining up security priorities with business priorities will curry favor with the C-suite and will often result in freed-up dollars to get the necessary projects under way.
Gold recently implemented data-leak prevention to provide ample protection for a number of business-side initiatives. At the top of that list was growth through acquisitions. The type of high-profile deals the firm aims to carry out could be jeopardized if an employee leaked information before an acquisition went through. That’s a threat Gold saw firsthand at his previous job as CISO of Continental Airlines.
“There was a rumor during my tenure that there was a slight chance Continental would buy Delta Airlines,” he says. “Word got out that we had assembled a mergers and acquisitions team to handle it, and then information leaked that Continental was actually getting ready to do this. Share prices at Delta went through the roof, so the acquisition never occurred.”
*View the research that was the basis for this article.