
Sony Appoints CISO in Response to PlayStation Attacks……But Reports to the CIO?????

by Ed Adams on August 24, 2011

A few months ago, Sony announced that it had created a new CISO position, reporting directly to the CIO, in response to the attacks against PlayStation. I’m encouraged that Sony realizes it needs someone focused on data security, but discouraged that this person will report to the CIO, who almost always has a fundamental conflict of interest and often reduces the role to a figurehead. CIOs are typically responsible for the information technology and systems that support enterprise operations, and they need those systems to be high-performing and feature-rich (and security often crimps that style).

If I were CEO of a multinational enterprise like Sony, MassMutual, SAP, and others, I would place my CISO reporting to the most senior risk executive in the company and have that person report to me. I would create a nested risk-based approach to data/information protection. For example, Application Security would be part of a larger Information Security group, which would be part of a larger risk group, which is responsible for assessing risk in the context of business continuity and operations.

Security and risk are elements of _every_ person’s job, and the group that is “responsible” for security has the charter of assuring the dissemination and absorption of those security/risk elements (making security part of the culture rather than doing all the security work themselves within the security group). This would be my yin to the CIO and IT yang of faster, cheaper, more efficient automation of data management.

Companies like Thomson Financial, Liberty Mutual, and SAP had it right, in my opinion, and then changed things, which sent their CSOs running away and significantly weakened their security posture overall.

Topics: security awareness
