Foolish CEOs flunk security test
Source: ZDNet France
By Jerome Thorel
Date: November 07, 2003
The fourth European IT security conference opened in Amsterdam Tuesday--with a damning indictment of CEOs who fail to understand the value and the costs of security.
While cyberterrorism and other fad-threats haven't turned out to pose the risks that many experts had predicted, the number one source of tech threat remains inside a business itself--its staff and its internal processes, according to Arjen van Zanten of KPMG's risk management business.
He claims a cultural barrier still exists between IT departments and the board.
"The board of directors doesn't understand anything about security," he said.
Tom Scholtz, VP of research firm Meta Group, replied "but the heads of IT, and above all those in charge of security, aren't up to the job of reassuring them", in the course of a roundtable on the value of security.
Just a few years ago, IT security was considered a restriction on businesses, like putting the brakes on a vehicle, which has only one result: it slows down how fast you can go. Today, luckily, it's considered a sign of confidence, and people realize that using the brakes actually helps you go faster.
That rather convoluted metaphor comes courtesy of Art Coviello, CEO of RSA Security, speaking at the Amsterdam conference. For RSA and other security vendors, the problem is to convince business bosses that knowing how to safely conduct business over the internet is about more than knowing how to guard against attacks or malware targeting their IT systems.