Thomson CSO gives lowdown
Dennis Devlin said the reason that CSOs like himself have gray hair is that they get paid to think about the worst things that can happen to their organizations. And companies that do this well don't have to scramble as much when IT security threats emerge, he says.
Devlin shared his experiences as an enterprise decision maker yesterday at a Massachusetts Network Communications Council seminar on network security. Representatives from Cisco Systems Inc., Kroll Ontrack and RSA Security also participated. The Thomson executive heads a council of senior security officers at his company, which employs 38,000, and works with line-of-business personnel. "Security is definitely a team sport," he said.
Devlin said enterprise network security is evolving from what he called an egg model, in which the exterior is hard and the inside is soft, to a stealthy submarine model, where data is compartmentalized, and protection is approached from the inside out. Thomson uses technology from a host of companies, from big names such as Cisco to a mix of start-ups. But beyond technology, end-user awareness is hugely important, Devlin said. That's both in terms of what information they can and can't divulge to outsiders, as well as what constitutes appropriate network behavior.
While Devlin said he doesn't wish for bad things to happen to his counterparts at other companies, he added that CSOs must pounce on opportunities to justify security investments when for example, another company loses backup tapes or has its network crippled by a worm. "You want to use real-life business examples," he said.
Hopefully this weblog can help you with these "opportunities"...
CATEGORIES: 1panel, 1advice, 1trends, 1best practices
Devlin shared his experiences as an enterprise decision maker yesterday at a Massachusetts Network Communications Council seminar on network security. Representatives from Cisco Systems Inc., Kroll Ontrack and RSA Security also participated. The Thomson executive heads a council of senior security officers at his company, which employs 38,000, and works with line-of-business personnel. "Security is definitely a team sport," he said.
Devlin said enterprise network security is evolving from what he called an egg model, in which the exterior is hard and the inside is soft, to a stealthy submarine model, where data is compartmentalized, and protection is approached from the inside out. Thomson uses technology from a host of companies, from big names such as Cisco to a mix of start-ups. But beyond technology, end-user awareness is hugely important, Devlin said. That's both in terms of what information they can and can't divulge to outsiders, as well as what constitutes appropriate network behavior.
While Devlin said he doesn't wish for bad things to happen to his counterparts at other companies, he added that CSOs must pounce on opportunities to justify security investments when for example, another company loses backup tapes or has its network crippled by a worm. "You want to use real-life business examples," he said.
Hopefully this weblog can help you with these "opportunities"...
CATEGORIES: 1panel, 1advice, 1trends, 1best practices
0 Comments:
Post a Comment
<< Home