In a speech last week to IT executives and corporate risk managers at the Bureau of National Affairs' (BNA) cybersecurity summit, Chubb's Dean O'Hare said IT security planning must not be confined to information technology departments. He advocates that it rise to the corporate governance level, involving oversight by top executives and boards of directors.
"It is increasingly clear that we cannot manage these risks within any one silo. Cybersecurity must be an integral part of a company's overall security planning," O'Hare said in his speech to the BNA, portions of which were released by Chubb. "Information technology experts cannot do this alone. They must work with security, human resources, risk management, general counsel and line management across the entire enterprise to develop policies and procedures to minimize risks."
O'Hare's words should be welcome to corporate IT executives, many of whom have sought for years to attract that level of attention and input -- not to mention funding -- from CEOs and directors for their IT security and business continuity plans.
Many Companies Still Taking Security Shortcuts
Although Sept. 11 has brought a renewed focus on devising robust security plans, many companies reportedly are still lagging on that front. A recent report by Gartner Inc. found that many companies remain focused on inexpensive tactics such as updating and testing their business-continuity plans, rather than making major changes, such as moving data centers or offices to more secure locations.
O'Hare also said in his remarks that there must be across-the-board cooperation between IT and other in-house departments, as well as cooperation among companies, industries and the public and private sectors when it comes to building security strategies.
O'Hare cited what he believes to be good examples of large-scale cooperative efforts aimed at boosting cybersecurity at the industry level. They include the National Association of Manufacturers' Homeland Security Committee, which recently formed to help member companies understand key operational and policy issues such as cybersecurity, and the Critical Infrastructure Protection Board, formed by President Bush's chief cyber security adviser, Richard Clarke, to improve coordination between federal agencies and businesses.
Among his other points:
The Bureau of National Affairs (BNA) publishes news, analysis, and reference materials covering legal and regulatory developments for corporate and government leaders.