
Sony CISO Reporting to Executive Management.  Maybe Cyber Security Czar Will Follow Suit?

by Ed Adams on September 14, 2011

In my previous blog, I talked about how I was encouraged that Sony was going to create the CISO position, but disappointed that they’d be reporting to the CIO (a position that I feel is inherently in a conflict of interest with the CISO position). However, I got some great news last week - Philip Reitinger was named the firm’s new senior vice president and CISO, and will report to the company’s executive vice president and general counsel.

This is encouraging because Sony is now aligning security and the CISO position more with risk, liability, legal, and compliance areas. This is the polar opposite of a CIO or CTO who is all about efficiency, uptime, and making things more accessible, faster, etc. Somebody inside of Sony has got the right idea and is being listened to, which is a very good sign.

Hopefully someone in the Obama administration will see the light too.  This is analogous to the failings of Obama (and Bush before him) to recruit and maintain an impactful Cybersecurity Czar. Where the Czar reports is inconsistent with enabling them with authority.  The NSA still holds responsibility for cyber security and until that changes (or there is a reporting line between NSA and the Czar) it will be mainly a figurehead position. They can write all the policies and make all the speeches they want, but they have no authority to drive meaningful change because the NSA isn't accountable to the Czar's policies. 

This is one reason I like Langevin's bill - it changes the reporting structure, makes real accountability measurable for all agencies and contractors, and creates a position reporting to the President that will oversee and influence the work of DHS (the group who is directly accountable for implementing and assuring the new cyber security measures & requirements). It even calls for punitive measures for failure as well as regular audits and monitoring (not just paper audits) to make measurement more automated and regular.

 Encouraging, very encouraging.

Topics: security awareness
