Security still an enigma for most CIOs

Among the challenges facing the modern CIO, convincing other executives to commit the same level of funding to security as to strategic, potentially money-making applications that directly advance organizational objectives is one of the most difficult. Still, as the stories in today's technology section illustrate, CIO's who don't integrate and deploy security strategies that pro-actively manage strategic risks do so at their peril. The main problem, as I see it, is that security is still seen by most organizations as an exercise in solid defense. The reason this approach is flawed, is that there are simply too many variables to account for--making security breaches all but inevitable. The InformationWeek article below illustrates a growing awareness among smart CIOs that security should not be viewed in a vacuum, but rather, should be integrated into the early stages of new business process design and application development. Similarly, NetworkWorld's coverage of the threats posed to Domain Name Systems, despite significant efforts and investments by corporate security professionals, illustrates the problems inherent in a defensive approach to security. The best defense, they say, is a strong offense. At any rate, I would be very interested to hear your thoughts on how CIOs can revise their approach to security, so if you have any ideas, please drop me a line. Enjoy the issue. -Patty