EWF USA 2014: Dell CIO Shares Best Practice on Winning Buy-in


At the EWF event in Scottsdale, Arizona, Dell Software CIO, Carol Fawcett, presented on how to get attention and agreement for an information security agenda, and the changing role of the CIO.

“Security needs to be at the back, no longer at the front, IT just needs to be a given,” she said, in opening. “Yet, 81% of IT managers admit to turning off security functionality to improve productivity”. This, she insisted, needs to change.

“The role of the CIO has drastically changed. Today’s CIO needs to be a business person who can help the business realise their strategy.” Knowing the external customer is key, Fawcett said, in order to ensure that internal applications and processes are meeting their needs.

The CIO of the past, said Fawcett, was focussed on transforming, applying technology, IT efficiency, reducing costs, infrastructure management, and knowing the business. Today, the focus has shifted to innovating, disrupting with technology, operational excellence, delivering business value, driving business strategy and knowing the customer.

“Whatever you implement, you must understand its impact before you do so,” Dell’s Fawcett advised. “Security threats are constant, and are a moving target. You need not to deny, but approve to enable innovation.”

A successful CIO will have a good relationship with the CISO and executive team. “Know how to put them in your shoes and explain why you’re making the decisions that you are.” Aligning your message with the CEO, and understanding what each of you are striving for is also key. “Every security communication that we send out has the photographs of the CIO and CISO on - to show the company we’re aligned.”

Building a security culture in your organization, said Fawcett, is everyone’s responsibility. “Our staff try to work out ways around our security measures, they’re coders, it’s what they do. And they delight in emailing me to tell me when they have,” confessed the Dell CIO.

Once you have a relationship with your employees, and the security culture is established, you can begin to educate them on the obvious: phishing, infected websites, stolen devices, password strength. “It’s amazing how people click on whatever they see in emails – it’s just so easy.”

Seventy-six percent of security problems, said Fawcett, are a result of weak passwords, and senior executives, she claimed, are the worst.

Fawcett concluded her presentation with advice on how to win agreement for an information security agenda. “Constantly clarify your objectives,” she insisted, “be comfortable within yourself and be confident in what you deliver. Never compromise your values, and retain a sense of humour.” Fawcett’s final words of wisdom were that communication is key, and you should always, always be an example.  
