http://itknowledgeexchange.techtarget.com/security-bytes/the-changing-role-of-the-cso/ A SearchSecurity.com blog Wed, 25 Nov 2009 12:17:32 +0000 http://wordpress.org/?v=2.6.2 http://itknowledgeexchange.techtarget.com/security-bytes/the-changing-role-of-the-cso/#comment-452 Pragmatic CSO Weekly #38 | Stop ID Thieves Wed, 12 Dec 2007 18:14:22 +0000 http://security.blogs.techtarget.com/2007/12/07/the-changing-role-of-the-cso/#comment-452 [...] It’s nice when the market comes to you. I’ve been talking about the need for Chief Security Officers to become more business oriented, rather than technically focused, for a long time. Now it seems this is the discussion that the “cool kids” are having at conferences and other venues. TechTarget’s Dennis Fisher talks about a panel at their recent Information Security Decisions show that basically say the skill set of the CSO needs to rapidly expand. [...] [...] It’s nice when the market comes to you. I’ve been talking about the need for Chief Security Officers to become more business oriented, rather than technically focused, for a long time. Now it seems this is the discussion that the “cool kids” are having at conferences and other venues. TechTarget’s Dennis Fisher talks about a panel at their recent Information Security Decisions show that basically say the skill set of the CSO needs to rapidly expand. [...]

]]> http://itknowledgeexchange.techtarget.com/security-bytes/the-changing-role-of-the-cso/#comment-451 Roger Halbheer Fri, 07 Dec 2007 22:55:02 +0000 http://security.blogs.techtarget.com/2007/12/07/the-changing-role-of-the-cso/#comment-451 Hi Dennis, this is actually interesting. A few years ago I ran a CSO Roundtable in Switzerland with the title "Who is in Charge" and the result was mainly that the job of the CSO is to communicate the information security risks to management and then it is the management's resposibility to decide on their risk appetite. Additionally we published a study at RSA Europe about the collaboration between Security, Privacy and Marketing (as a placeholder for business). You can find the most important results here: http://blogs.technet.com/rhalbheer/archive/2007/10/23/rsa-europe-are-you-ready-for-security-and-privacy.aspx The lowlights to me were that only approx. 30% of the Marketing people are asking Security/Privacy people when they handle critical data (PII). in Security, Privacy however 80% think that they were asked... The reason? Well only 21% of the Marketing see security and privacy objectives NOT being in conflict with business objectives.... So, I fully support your view Roger Hi Dennis,
this is actually interesting. A few years ago I ran a CSO Roundtable in Switzerland with the title “Who is in Charge” and the result was mainly that the job of the CSO is to communicate the information security risks to management and then it is the management’s resposibility to decide on their risk appetite.
Additionally we published a study at RSA Europe about the collaboration between Security, Privacy and Marketing (as a placeholder for business). You can find the most important results here: <a href="http://blogs.technet.com/rhalbheer/archive/2007/10/23/rsa-europe-are-you-ready-for-security-and-privacy.aspx" title="http://blogs.technet.com/rhalbheer/archive/2007/10/23/rsa-europe-are-you-ready-for-security-and-privacy.aspx" target="_blank">http://blogs.technet.com/rhalbheer/archi…</a> The lowlights to me were that only approx. 30% of the Marketing people are asking Security/Privacy people when they handle critical data (PII). in Security, Privacy however 80% think that they were asked… The reason? Well only 21% of the Marketing see security and privacy objectives NOT being in conflict with business objectives….
So, I fully support your view
Roger

]]>