TRENDING:

The Public Eye with Eric Chabrow

The CFO: IT Security Team's Key Player

Eric Chabrow (GovInfoSecurity) • October 12, 2010    
The CFO: IT Security Team's Key Player

A key player in securing IT is the chief financial officer. It makes sense, of course. IT security costs money.

But IT security isn't just an expense. It's a business enabler. Today, any organization of consequence of any size - be it a government, bank or hospital - cannot survive without its IT systems and networks functioning properly and securely.

It's a point made in an interview by Phyllis Schneck, chief technology officer/public sector for the IT security provider McAfee :

"Typically, you want your security budget to be strong enough to support your investment that will enable you and sustain you to build a resilient infrastructure forward. And, sometimes those budgets are just low enough they can't afford to buy what they really need, and just high enough they have to go buy something, so if companies invest in what I call mediocre security infrastructure, they'll have to keep spending that money over and over every year."

The alternative is to develop a team consisting of the CFO, chief information and chief information security officers and the business managers who own the systems who together can - must - build a business case for an IT security spending plan.

No doubt, Schneck would want government agencies, businesses and not-for-profits to invest in McAfee products rather than piecemeal a middling solution. But the underlying point taken from Schneck's observation is that the amount of money a company invests in IT security must be placed in the broader context of the enterprise's well-being. IT security isn't an add on; it's strategic. And, it's crucial to get CFOs, CIOs and CISOs and the business-side users of IT engaged with one another, especially in a world where others seek to do harm. As Schneck says:

"Communications is very important because security has to be a business enabler at the same time we fight this giant adversary."
* * *

The interview with Schneck is the first of a continuing series of conversation we'll have in the coming months with CTOs and research and development executives of leading IT and IT security providers.



About the Author

Eric Chabrow

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.




Around the Network

How 'Security by Default' Boosts Health Sector Cybersecurity
How 'Security by Default' Boosts Health Sector Cybersecurity
Transforming a Cyber Program in the Aftermath of an Attack
Transforming a Cyber Program in the Aftermath of an Attack
Safeguarding Critical OT and IoT Gear Used in Healthcare
Safeguarding Critical OT and IoT Gear Used in Healthcare
Evolving Threats Facing Robotic and Other Medical Gear
Evolving Threats Facing Robotic and Other Medical Gear
Medical Device Cyberthreat Modeling: Top Considerations
Medical Device Cyberthreat Modeling: Top Considerations
Identity Security and How to Reduce Risk During M&A
Identity Security and How to Reduce Risk During M&A
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
Is It Generative AI's Fault, or Do We Blame Human Beings?
Is It Generative AI's Fault, or Do We Blame Human Beings?
Protecting Medical Devices Against Future Cyberthreats
Protecting Medical Devices Against Future Cyberthreats
Properly Vetting AI Before It's Deployed in Healthcare
Properly Vetting AI Before It's Deployed in Healthcare

Continue »

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.