Make security a business issue

Chief information security officers (CISOs) who learn to speak the language of the executive suite can look forward to lifetime careers, but those who know only "geek speak" will find themselves left behind.

That view held sway among the information technology security officials gathered this week in Bethesda, Md., at the annual conference of the Federal Information Systems Security Educators’ Association’s (FISSEA).

To have an effective information security program, agencies need a CISO "who can communicate well in business terms," said James Golden, IT governance executive at the U.S. Postal Service. He added that a CISO's position within an organizational chart is less important than whether the person can communicate comfortably and effectively with senior officials.

Under federal law, CISOs report to agencies' chief information officers, which has meant that many federal CISOs have an IT background, said Jane Norris, senior information security official at the State Department.

But a trend now seen in business could influence how the federal CISO's position evolves, Norris said, citing a Forrester Research estimate that 75 percent of the largest companies will have a chief risk officer by 2007.

Norris said other security experts believe that a legal background and professional certification, in addition to IT experience, may become prerequisites for chief security officials. The profession is changing rapidly, she said, "so where we are going is open at this point."

FISSEA is a national group that promotes awareness, training and education in IT systems security. Since November 2004, it has conducted free security education and awareness workshops for more than 100 federal employees and contractors.

Featured

  • Defense
    concept image of radio communication (DARPA)

    What to look for in DOD's coming spectrum strategy

    Interoperability, integration and JADC2 are likely to figure into an updated electromagnetic spectrum strategy expected soon from the Department of Defense.

  • FCW Perspectives
    data funnel (anttoniart/Shutterstock.com)

    Real-world data management

    The pandemic has put new demands on data teams, but old obstacles are still hindering agency efforts.

Stay Connected