Strategien


IT-Sicherheit

The Chief Security Officer... Is It Time?

07.04.2003
Von Ann Toh
Die Sicherheit des Unternehmensnetzwerks gehört auf der Prioritätenliste nach oben. Doch sollte der Aufgabenbereich dem Cio zugeordnet werden? Wäre es besser, einen gleichberechtigten Posten zu schaffen, der die Maßnahmen zur Absicherung unabhängig evaluieren kann?

Quelle: CIO Asia

September 11, 2001 was a wake-up call to businesses all over the world. Corporations, especially those in the U.S., whose operations came to a standstill after terrorists attacked the World Trade Center in New York, were made painfully aware of the urgent need to assess and upgrade the security protecting their information systems, and protect the privacy and physical security of their workplaces. As a result, many have established a new executive-level position, that of the Chief SecuritySecurity Officer (CSO), as a key step to achieving these goals. Alles zu Security auf CIO.de

The CSO in these organisations is the top security executive. His chief responsibility is to oversee a network of security directors and vendors who safeguard the company's assets, intellectual property and computer systems, and its employees' physical safety. He identifies protection goals and objectives consistent with the corporate strategic plan and manages the development and implementation of global security policy, standards, guidelines and procedures. He also maintains relationships with law enforcement and other government agencies and oversees the investigation of security breaches and associated disciplinary and legal matters. Finally, he works with outside consultants for independent security audits.

The trend of creating an executive-level position for the sole purpose of safeguarding corporate security does not seem to have permeated the Asian corporate landscape. The CSO remains an American phenomenon, says Reza Ghazali, a partner at international executive recruitment firm Korn/Ferry's Global Technology Market practice, which places senior-level IT and operations executives for ASEAN companies. "The CSO is still more a buzzword here. It is a position, title that is fairly new in this part of the world, though it may be more widely used in North America and Europe as a result of increased security awareness after Sept. 11, among big organisations with a huge repository of customer information."

Attempts by CIO Asia to find executives with the "CSO" title in mid-sized to large Asian enterprises, among them Singapore-based telco Starhub Pte Ltd and Thailand's largest mobile operator Advanced Info Service PLC, were unsuccessful. IT security and physical security functions at the companies we interviewed remain distinct: the de facto "CSO" is equivalent to the executive who oversees physical security at some organisations, while at others, he is the executive who deals solely with information technology, who has IT Security Manager or IT Manager as an equivalent title, and who commonly reports to the CIO.

Yap Chee Yuen, Group CIO of JTC Corp., Singapore's industrial landlord, associates the CSO title with a physical security responsibility. "The title CSO in some organisations refers to [the executive looking after] physical security; in these organisations the CSO [title] is created."

Zur Startseite