CIO's for Nightwatchmen

With the introduction of innovative mobile technologies and data applications, IT sector seems to be shedding its primeval image of a cost cutting department and has been more of a source of revenue generation for the organization. The new hat donned by the IT has in turn compelled the CIO’s to undertake a neoteric role, in which security plays a salient part, reports Adrian Bridgwater.

In many organizations, it is found that the CIO playing the role of the CISO (Chief Information Security Officer), monitoring not only the technology and processes but also the people associated with it. One has to make sure the array of applications and technologies, critical data pertaining to customers as well as to those of the employees and the organization, the financial and monetary assets, the Intellectual Property and the goodwill are safe and sound and under no circumstances are compromised; and that 'one' is none other than the CIO.

In this context, we come across two pedigrees of CIO’s, each having an individualistic and a distinct approach to the security risks looming over a company. They can be categorized into:

•    Type A – ‘Protect and Respond’
•    Type B – ‘Serve and Protect’

While Type A are the breed who reacts to a situation in the best possible manner dousing the flames of a security breach, Type B will act more progressively and prevent the spark from taking a more destructive form in the first place. They will inform the authority about the rising concern over security breach and urge the board members to prepare in advance over such threats.

Due to budgetary constraints, many CIO’s fall under Type A category. But due to the rise in cyber crimes and ‘hacker based groups,’ it is high time for an organization to give the CIO’s the necessary leverage as well as space for them to ‘serve and protect’ rather than to ‘protect and respond’.

According to the 2011 top cyber security risks report, "The year 2011 saw a significant increase in activity from hacktivist groups Anonymous and Lulz Security (LulzSec). The motivation for these groups' organized, systematic attacks on businesses or individuals - retaliation for perceived wrongdoing - brings new visibility to a security threat that has been looming for years and highlights a new era of security risk that must be addressed."

As such, a CIO must be steadfast in his resolute to prepare the organization from the impending dangers, prioritizing its protection policies so that business operations are not hampered even in the course of a security breach. Or they can simply play the waiting game and face the dire consequences as these threats will not be diagnosed any time soon nor will they cease to exist.