The Public Eye with Eric Chabrow

The CFO: IT Security Team's Key Player

The CFO: IT Security Team's Key Player

A key player in securing IT is the chief financial officer. It makes sense, of course. IT security costs money.

But IT security isn't just an expense. It's a business enabler. Today, any organization of consequence of any size - be it a government, bank or hospital - cannot survive without its IT systems and networks functioning properly and securely.

It's a point made in an interview by Phyllis Schneck, chief technology officer/public sector for the IT security provider McAfee :

"Typically, you want your security budget to be strong enough to support your investment that will enable you and sustain you to build a resilient infrastructure forward. And, sometimes those budgets are just low enough they can't afford to buy what they really need, and just high enough they have to go buy something, so if companies invest in what I call mediocre security infrastructure, they'll have to keep spending that money over and over every year."

The alternative is to develop a team consisting of the CFO, chief information and chief information security officers and the business managers who own the systems who together can - must - build a business case for an IT security spending plan.

No doubt, Schneck would want government agencies, businesses and not-for-profits to invest in McAfee products rather than piecemeal a middling solution. But the underlying point taken from Schneck's observation is that the amount of money a company invests in IT security must be placed in the broader context of the enterprise's well-being. IT security isn't an add on; it's strategic. And, it's crucial to get CFOs, CIOs and CISOs and the business-side users of IT engaged with one another, especially in a world where others seek to do harm. As Schneck says:

"Communications is very important because security has to be a business enabler at the same time we fight this giant adversary."
* * *

The interview with Schneck is the first of a continuing series of conversation we'll have in the coming months with CTOs and research and development executives of leading IT and IT security providers.

About the Author

Eric Chabrow

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.