CFOs should be more involved in security planning

CIOs are responsible for protecting the company's information, but CFOs approve the IT budget and they often have to deal with the fallout of a data breach, such as reporting on the financial results and notifying victims. Because of their involvement in breaches, finance officers should be involved in planning for data security as well, writes Fred O'Connor of IDG News Service.

The job of the CIO is to explain how investing in security will save the company money down the road, said Mike Dandini, head of the management and professional liability underwriting unit at The Hartford. The job of the CFO is to listen to the CIO. "A lot of mistakes CIOs made in the past [involved focusing] on the technical aspects of the things that [they] were purchasing," he said.

Industry experts advise that security planning should include input from across the entire organization, so that every unit has to examine the impact of potential data loss.

"The CFO has a strategic role in encouraging the policies and processes that enable the business to handle the risk themselves," said Jay Heiser, a research vice president at Gartner. "It's unrealistic to expect the CFO to understand security completely, as it is for the security professional to understand finance completely."

CFOs can help business units determine "an economically appropriate set of controls and countermeasures" for sensitive data, Heiser suggested. This approach helps units understand the risks their data faces.

For more:
- see Fred O'Connor's article at CSO
