CSO

Encrypt all of your laptops, or else...

Judi Hasson — Tue, 22 Jul 2008 22:01:32 -0400

How easy is it to lose a laptop computer? Very easy. More than 5,000 laptops are lost in taxis in London, New York, Chicago and other large cities every year, and many more disappear at airports and in other situations.

And that means IT executives must make the security investment to encrypt their company laptops and secure sensitive data. "As a CSO, one of your top priorities is probably to keep your company off the front page of the news. Is it inexcusable to have laptops in the field with unencrypted hard drives,'' writes NetworkWorld. While it could become costly and at times complicated, the experts say it worth the money and effort to get the right encryption solution to insure total security.

For more on protecting laptops:
- see this NetworkWorld article

Where's your lawyer?

Thu, 06 Mar 2008 06:59:56 -0500

Every CIO has his team. It usually includes a CSO, a CFO, maybe a COO and an IT staff. But where's the lawyer? These days, it's more and more important to have the advice of a lawyer--one who has the knowledge of what the IT department does. It's no longer just about the details of a contract that you may be signing. The more that a lawyer handling your contract knows what you do, the better they will be able to represent you in any kind of negotiation.

For more on the importance of good legal advice:
- see this cioinsight.com article

The CIO must keep the customer happy

Thu, 13 Dec 2007 06:59:59 -0500

With the New Year fast approaching, the first resolution for any CIO should be customer satisfaction. And that's a pretty big order for most CIOs who do not think customer happiness is their number one priority. A recent "State of the CIO" survey for CIO Magazine found that only 10 percent of those surveyed considered external customer focus to be a core competency for CIOs. Add to that the fact that respondents spend less than 10 percent of their time dealing with customers, and you have a very real problem that is not going away. "Many CIOs are a little cavalier about making raising customer satisfaction an explicit goal," says Harley Manning, vice president and director of Forrester Research's customer experience group.

The CIOs who do make customer satisfaction a priority get a rewarding return, saving money and increasing productivity at their organizations. In fact, CIOs can help reshape their role in a company by making customer satisfaction a key goal and integrating their work with the overall business objectives of their company.

Just to give one example of how it can work, listen to the story of Pat Lawicki, the CIO of Pacific Gas and Electric Company, a $12.5 billion San Francisco-based utility. With an energy crisis in California and the Enron debacle threatening to tarnish the utility's reputation, Lawicki began working on a series of customer-focused projects that were highly successful. She made it possible for PG&E to collect utility use data without going door-to-door or setting foot on a customer's property. And future plans will make it possible for customers to gather usage information about their bills online. That will allow consumers to determine the most efficient time to run a dishwasher, air conditioner or do a load of laundry.

"The SmartMeter project is geared toward letting our customers have more control over their energy consumption while helping them save money in the process," Lawicki said. There are plenty of programs that any CIO could find to make customers happier. The trick is to implement one.

For tips on customer satisfaction:
- Check out this CIO Magazine Article

Today's state of insecurity

Thu, 27 Sep 2007 07:00:00 -0400

It was quite a surprise to read that the personal information of 1,200 eBay users was posted online this week. Luckily, as you'll read in our first story, it looks like there was no security breach of the network and it appears that the exposed credit card numbers were not valid. Still, it focuses our attention on the large number of hackers who are out there, waiting and ready to pounce on our data.

I had the opportunity this week to meet with Michael Barrett, the CISO of PayPal, which is now owned by eBay. We talked a bit about the state of security in general and discussed how he and other C-level executives, including the CIO, collaborate at PayPal. I have to say, he has a pretty realistic view. He noted--much to the dismay of his PR reps--that no enterprise can ever be fully risk free, but went on to add that none of us live risk free lives either. The question really is, how much is the right amount of risk to absorb, and what do you have to do to get to that acceptable level of risk? A fortress mentality--the idea that you can keep the bad guys away by building walls and trenches around the enterprise--will not, by itself, help you understand risk or get your organization to that level. What is needed is a culture of security in which people throughout the enterprise have a common understanding of what constitutes risky behavior, and then apply security measures accordingly, as they develop new business processes and collaboration links within and between their enterprises.

In this issue, I also link to an interesting interview with a convicted hacker. In his words: breaking into computers at telecom companies was "so easy a caveman could do it." This 23-year old begins his two-year sentence in federal prison today. Let me know what you think about the state of security--or insecurity-- in your network. -Patty

CIOs and CSOs: Why can't they get along?

Mon, 17 Sep 2007 06:59:59 -0400

CIOs and CSOs don't always see eye to eye. That, at least, was the message last week in Chicago at The Security Standard conference. Geir Ramleth, senior vice president and CIO at Bechtel and Andy Ellis, senior director of information security and chief security architect with Akamai, took the stage to discuss priorities of the two disciplines: as it turns out, they do not always match up. Ellis contends that CIOs should be more forthcoming with their technology plans and should consult CSOs in advance. Security professionals shouldn't be put in the position of always having to retrofit security, he said. Meanwhile, Ramleth said that security professionals are not always open to suggestions from IT. "Security people have this phrase, 'yes, but…'" he said, explaining that the phrase generally translates as: "I agree with you, but I don't agree with you, and therefore I'm going to mess you up," he said. Fixing the problem has a lot to do with communication, both execs agree. Having more information about the business drivers behind technology decisions would help CSOs understand strategic priorities.

For more information:
- see the article in NetworkWorld

Consumer tech in the enterprise? Caveat emptor...

Thu, 06 Sep 2007 06:59:58 -0400

In new CIO survey from the Yankee Group, 86 percent of the respondents said that they had used at least one consumer technology in the workplace, to either stimulate innovation or realize gains in productivity. While you have got to admire their creative flair, security professionals in the enterprise are pulling their hair out because of the risks associated with these vulnerable devices and applications. But is it right for a CIO or CSO to ban the technology? ComputerWorld lists 8 collaboration and consumer tools that are making their way into businesses.

Topping the list is instant messaging; Yankee says that 40 percent of respondents use consumer IM technology at work. One way to deal with the security threat is to implement an internal IM server. Up next is webmail and portable storage devices. Some 50 percent of those surveyed by Yankee said they use webmail. Again, security is the big trade off here for convenience. PDAs, smartphones and camera phones are also causing a lot of headaches for CIOs, primarily because employees are coming to work and trying to sync up these devices with their computers. This can create big problems, ranging from application glitches to blue screens. Rounding out the list is Skype, downloadable widgets and virtual worlds. There's no doubt that it's a new world out there… buyer beware.

To read more about the security risks:
- see the article in Computerworld

CIO compensation up a bit, with big exceptions

Wed, 04 Jul 2007 20:01:39 -0400

Management consulting firm Janco Associates this week released its mid-year 2007 IT Salary Survey, based on submitted survey forms and public sources like SEC filings. The overall mean for IT jobs is up just 1.13 percent over 2006's figure, but take a look at what some CIOs are bringing in: Timothy Shack, CIO of PNC Financial, makes $510,000 annually…and close to $6 million in total compensation; Gregor Bailar, CIO of Capital One Financial, $466,667 annually and $4.5 million in total compensation, while John J. Sullivan, CIO of Liz Claiborne, makes $491,666 annually and just under $1.5 million in total compensation. These numbers really are the exception, however, not the rule. Total compensation for CIOs was typically between $169,504 and $174,979. Meanwhile, Janco notes that CSO compensation rose more than 8 percent over last year. The average total compensation for CSOs is $141,154 to $152,563.

For more on the survey results:
- see the study
- as well as this article from NetworkWorld
- and this article from CIO Magazine

ALSO NOTED: Poor time management; The tech skills crisis;

Sun, 13 May 2007 20:01:38 -0400

> Managing poor time managers on your staff. Blog

> Offshoring, ageism and image blamed for tech skills crisis. Article

> CIO and CSO: fox watching the henhouse? Article

> Study: More than 80 percent of companies plan to expand their data centers. Press release

> IBM announces a "Big Green" initiative. Article

> Addressing business initiatives with end-to-end data integration platforms. Webcast

And Finally… The IT manager's freak-out point. Article

ALSO NOTED: Bridging the gap; Making the transition to IP telephony;

Mon, 26 Mar 2007 20:01:38 -0400

> IT managers and bridging the gap. Blog

> Making the transition to IP telephony. Article

> Does the role of CSO make sense? Article

> IT governance vendors are failing small firms. Article

> Safely disposing of old mobile equipment. Article

> Small firms' CEOs think IT is key. Article

> Do CIOs need more compliance training? Article

And Finally … Skype in the enterprise? Article

The lines between the CIO and CTO are blurring

Sun, 21 Jan 2007 19:01:39 -0500

Although the role of the CIO, CEO, CSO and other executive-level officers are fairly well-defined, the role of the Chief Technology Officer is often more ambiguous. In some companies, the CTO heads research and development. In other companies, the CTO is just like a CIO. In still others, the CIO reports to the CTO. And there are also CTOs who work in IT departments and report to the CIO. In short, the lines that divide the job of the CTO from that of the CIO are blurring. Because of this fact, these two executive-level officers must have a close relationship to successfully run an IT shop. But the CTO's seeming encroachment on what was once the CIO's turf also has a lot to do with the evolution of the chief information officer's job, because many companies' CIOs today are so management-oriented that they may not be in tune with technology on a day-to-day basis.

For more on the blurring distinction between CIO and CTO:
- see this ComputerWorld article