In Brief

ASIS Speaks Up on the CSO Role

By Simone Kaplan

June 01, 2003CSO — The first people with "Chief Security Officer" stamped on their business cards were almost exclusively in the information security realm. Now corporate security pros have decided they aren't letting go of that title without a fight. Recently ASIS, the 33,000-member American Society for Industrial Security, decided to weigh in, tasking its Guidelines Commission to create a formal CSO job description including security and risk management duties of all sorts. Two ASIS leadersDon Walker, chairman and CEO of Pinkerton Security & Investigations and president of ASIS, and Chad Callaghan, vice president of loss prevention for Marriott International and cochair of the commissionspoke to CSO Executive Editor Derek Slater about the process of developing the job description.

Don Walker, CEO of Pinkerton Security & Investigations: Frankly, there are very few chief security officers out there. A number of high-level security positions exist, and the function of CSO is being elevated all the time, but the concept of a chief security officer at the same level as a COO or a CFO hasn't caught on yet. We are seeing lots of VP- and director-level titles that afford broader responsibilities than that level would typically demand. But I think there's confusion as to what and who the CSO is or could be. In addition, the turf wars within organizations blur the line between top executives.

We want to advise the major recruiting firms that are accustomed to dealing with top level executive recruitingthe Heidrick & Struggles, the Boydens. We also want to make their clients aware of the qualities they should look for in a CSO. At the same time, we need to reach the people who are participating now at various levels in security or protection of assets and who want to understand what a CSO is and how to become one if they're not one now.

One of the shortfalls in the security industryas in every industryis turf wars. If we're going to have guidelines that develop into a true consensus standard, we've got to involve everyone in the process. Right now, we have lawyers, educators and people with corporate and consulting experience on the commission. We'll work with them to get the best draft document and then circulate it outside for comment.

We've got to be careful that we don't identify a stereotypical CSO. For example, we don't want the ex-military or ex-police officer to think they automatically have everything they need to be the CSO, nor do we want the CISO thinking that either.

RESOURCE CENTER
Loading...
VIRTUAL CONFERENCE
Data Center Directions Virtual Conference

Data Center VCAttend this free, 100% online event exploring tools and techniques for making your data center deliver for today and tomorrow.

» Learn more and register here

WEBCAST
The Surest Path to Effective and Efficient Compliance

VeriSignIn this webcast, we explore why and how — with best practices, practical tips and solutions that work — to ease your compliance challenge.

» View the webcast

Featured Sponsors
Sponsored Links

Think your data is safe? Think again. It's time to Outthink the Threat. Get eBook now

Rolling the dice with your security? Take the Self-Assessment Test now

Diebold: Frost & Sullivan Global Physical Security Systems Integrator of the Year

Revolutionizing Endpoint Security with a Single Agent

Envision Identity-Based Access Control for the Datacenter

E-LOAN Maintains Reputation as a Privacy Leader with Symantec

Data Loss Prevention: Keeping Sensitive Data Out of the Wrong Hands

Prudential Financial Protects its Brand with Symantec

Envision Identity-Based Access Control for the Datacenter

Digital Identity Protection and Data Security Get Personal

Welcome to the age of Service-Oriented Security (SOS)

Enabling Compliance with Converged Mainframe Security and Storage

The Case for Business Software Assurance ~ Securing Your Applications

Forrester Total Economic Impact (TEI) report: Save Millions in Fraud Losses.

IS/IT Project Mgt. Credentials From Villanova - 100% Online

Learn how the new Quad-Core AMD Opteron™ processor improves performance

Configuration Assessment: Choosing the Right Solution

Data Protection: Challenges for the Traveling User

Key strategies for C-level executives and security staff

7 Requirements of Data Loss Prevention

Information Security: Data Drains and How to Prevent Loss

How Are Open Source Development Communities Embracing Security Best Practices?

IDC Defines an Identity and Access Management Submarket

Using Likewise to Comply with PCI Data Security Standard

IDC Defines an Identity and Access Management Submarket for Managing Privileged User Accounts and Meeting GRC Requirements

Everything Today's CISO Needs to Know About Using SSO to Succeed in the Web 2.0 Era

Solving Online Credit Fraud Using Device Reputation