Security Is Not Insurance

What's the hardest part of a chief security officer's job? Evaluating new technologies? Establishing policies for users to follow? Actually, it's more political than that, Jim Routh, chief security officer of Depository Trust & Clearing Corp., said during an Interop presentation Tuesday. "The hardest part of a CSO's job is influencing information security and practices that will be implemented throughout an organization," he said. "It's a delicate process, particularly when you're asking an IT o

Larry Greenemeier, Contributor

December 14, 2005

2 Min Read

What's the hardest part of a chief security officer's job? Evaluating new technologies? Establishing policies for users to follow? Actually, it's more political than that, Jim Routh, chief security officer of Depository Trust & Clearing Corp., said during an Interop presentation Tuesday. "The hardest part of a CSO's job is influencing information security and practices that will be implemented throughout an organization," he said. "It's a delicate process, particularly when you're asking an IT or business manager to rethink how they operate. Education is probably the most important strategic tool for a CSO, without a doubt." And you thought wayward data tapes throwing themselves off of the back of delivery trucks were going to be your biggest challenge.Security threats are changing all the time, based upon people, processes, and technology introduced into IT environments. CSOs have to take information about threats both within and outside their networks, figure out how they change from day to day and create a risk profile they can share with the business side of the house. "Once you have a risk profile, you have context for decision making," said Routh, whose company and its subsidiaries provide clearing, settlement, and custody of most U.S. securities transactions.

Chief security officers speak the language of risk management, which is statistics. The more information they have, the better they can secure a company. "Although there's no way to eliminate risk, companies can manage risk," noted Routh, a former chief information security officer with American Express.

Statistics are useful in another way; they help security executives justify investments in the products and services they buy. The old adage of security being like insurance won't fly anymore. "When you bring an umbrella, it usually doesn't rain," Routh said. That's why it's important for chief security officers to think in terms of how much money their companies could be spending on government fines, customer lawsuits, and contingency plans for when their systems get hacked.

Read more about:

2005

About the Author(s)

Larry Greenemeier

Larry Greenemeier

Contributor

See more from Larry Greenemeier
Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
Subscribe

You May Also Like

More Insights
Webinars
More Webinars
Events
More Events

Editor's Choice

US Secretary of State Antony Blinken stands at a lectern on a large stage with projection screens everywhere.
Cybersecurity Operations
Blinken: Digital Solidarity Is 'North Star' for US PolicyBlinken: Digital Solidarity Is 'North Star' for US Policy
byKaren Spiegelman, Features Editor
May 7, 2024
3 Min Read
Globe, plane, truck, person, and stack of boxes against a world map
Cyber Risk
Supply Chain Breaches Up 68% Year Over Year, According to DBIRDBIR: Supply Chain Breaches Up 68% YoY (Depending on your Definition)
byNate Nelson, Contributing Writer
May 6, 2024
2 Min Read
thumbnail
Identity & Access Management Security
Microsoft Previews Feature to Block Malicious OAuth AppsMicrosoft Previews Feature to Block Malicious OAuth Apps
byJeffrey Schwartz, Contributing Writer
May 6, 2024
3 Min Read
Reports
More Reports
White Papers
More Whitepapers
Events
More Events