How great IT security leaders succeed

Forrester identifies some surprising attributes that make for the best-performing CISOs

By Matt Hines
March 10, 2008

Talkback

E-mail

Printer Friendly

Reprints

One of the most important assets for any CISO, Kark said, is to behave as a "kingmaker," someone who helps other people improve their own skills by acting as a mentor, rather than as a draconian ruler who merely gives commands and expects them to be followed. "CISOs need to help other people succeed and take over different responsibilities. This should be part of their overall security strategy," he said.

A related talent is not playing the blame game. "CISOs also have to be willing to take on a lot of the blame when things go wrong, even if it was someone else's fault. You don't want to take the blame for everything, but if you can stand up for someone else's mistake and use that to work on issues that improve the overall position of the organization, that's a great thing to do."

Value of deep technical skills is questioned
One aspect that the Forrester report did not cite as critical to a CISO's success was having a high level of technical skills. "Some people said yes, and others said no. This is an old debate," Kark said. "I think the key is that you absolutely need to have the ability to comprehend technical data, but you don't necessarily need the hands-on skills. Many successful CISOs don't focus on operational issues like managing firewalls, but they do need to be aligned with defining security policies and crafting the risk posture of their organization."

In fact, many CISOs who do have technical skills contend that the knowledge often leads to them getting tied down in too many operational decisions and projects, he said.

Regardless of a CISO's technical abilities, Kark said that it will become increasingly important for security leaders to move away from a bottom-up approach to security, where the focus is what tools to use, to a top-down approach driven by risk management and governance concepts. "These executives need to move from operational expertise into more of a role of a strategic thinker, from a policeman to a trusted adviser," he said. "They need to see themselves more as a consultant, as opposed to an auditor, and transition from a specialist in IT security to a generalist in overall business risk."

Matt Hines is a senior writer at InfoWorld.

« PREVIOUS PAGE | 1 | 2

Add to:

Digg

Talkback:

comment Post a Comment

MOST COMMENTS

>> Talkback: Have your say

FIVE WAYS TO REDUCE IT COSTS IN 2009
The demands on IT have never been greater, particularly in light of lower revenue and uncertain demand for the goods and services. There are many ways that IT can help organizations adjust to this new economic environment. Learn about five key technology trends that can immediately impact your organization's bottom line, and how to build a strategy to implement these technologies within your current budget. Sponsored by: Riverbed

» Click here to view this Webcast

Virtualization Solutions Guide
This comprehensive IT Strategy Guide covers Virtualization and puts you at the forefront of the discussion. You'll learn all you need to know from the cost of virtualization, how to implement it for your business, how to back it up safely and which products are best. Sponsored by Riverbed

» Click here to download now

- Special Advertising Partners -

WHITE PAPERS

HP Smart Array P800 Controller and HP MSA60 2,500 - This document provides information on the HP StorageWorks 60 Modular Smart Array (MSA60) direct attached storage (DAS) solution...
HP Insight Dynamics - VSE Reference Arch. for Microsoft Exchange Server 2007 - Learn more about HP Architecture Planning Tool for OCS 2007: - Further detail on the various input parameters and decision...
Best Practices for Deploying Microsoft Office SharePoint Server 2007 - The release of Hyper-V, from Microsoft Windows Server 2007, provides users with a virtualization tool to consolidate the...
Jazz Meets Development in IBM Rational Team Concert - Open source. Open collaboration. Jazz. What's all the hype? This whitepaper, developed by RocketGang, an IBM Premier Business...
The Case for a Specialized Security Platform - Global business operations depend on networks that are up and running 24/7, and network security is an increasingly important...
Interaction between Nokia Intrusion Prevention and Nokia Firewall - Firewalls sometimes need to let their guard down to allow SMTP/email, FTP, SIP/VoIP calls and other protocols with minimal...

» Technology White Papers Library

Technology White Papers by Topic

Technology White Papers E-mail Alert

Find out when the latest white paper is available:

INFOWORLD MARKETPLACE

Deliver REMOTE SUPPORT Easily. Try WebEx FREE! - DOWNLOAD WEBEX SUPPORT CENTER FREE! Deliver efficient, effective support. CRUSH SUPPORT LOG JAMS!
Migrating to an IP-VPN? XO Can Make It Happen - Learn the five critical success factors with a free whitepaper from XO Enterprise Solutions.
Sign up to TRY WEBEX SUPPORT CENTER FOR FREE! - Get your FULL FEATURED trial here. Share documents and applications, address support challenges.
IP Networks Boost Secure Health Communications - AT&T provides secure communication to keep health care moving forward.
Why a CMDB? - IT best practices (ITIL) have shown the benefits of a CMDB. Click for whitepapers.

» BUY A LINK NOW

How great IT security leaders succeed

MOST COMMENTS

» Technology White Papers Library

Technology White Papers by Topic

Technology White Papers E-mail Alert

Video

Podcasts

InfoWorld Blogs

Columnists

Find Products and Companies

Resource Center

Sponsored Technology Links

Sponsored Technology Links
AT&T - New from AT&T: Discover Fixed-Mobile Convergence Now AT&T - Securing the Converged Enterprise I AT&T - An AT&T Article: When Content is King AT&T - The Spirit of Innovation: 100 IT Leaders Speak Out AT&T - Machines That Speak: The Machine-to-Machine Wireless Network AT&T - The Top 10 Best Practices for Server Virtualization Planning Rocket Gang - Jazz Meets Development in IBM Rational Team Concert Nokia - Interaction between Nokia Intrusion Prevention and Nokia Firewall Riverbed - Five Ways to Reduce IT Costs in 2009 AT&T - AT&T Article: Reinventing the Telephone with VoIP (ISC)2 - I'm an SSCP Go-To Guy. See what I do. Click here! AT&T - AT&T Business Continuity Survey on Risk Management AT&T - Maximizing Mobility in Communications Rackspace - The True Value of a Hosting Provider AMD - The Future is Fusion. Only from AMD. Learn more. Nokia - The Case for a Specialized Security Platform Intersystems - Develop and integrate faster with InterSystems Ensemble. AMD - Learn how the new Quad-Core AMD Opteron(TM) processor improves performance AT&T - Securing the Converged Enterprise II AT&T - An AT&T White Paper: Enterprise IPTV Solution HP - HP Architect Planning Tools for MS Office Communications Server 2007 HP - Best Practices for Deploying Microsoft Office SharePoint Server 2007 HP - HP ProLiant BL480c Server Blade Microsoft Exchange Server 2007 HP - HP Smart Array P800 Controller and HP MSA60 2,500 Oracle - Top 3 Ways to Cut Costs in 2009 with Oracle Content Management AMD - See the power of the new Quad-Core AMD Opteron(TM) processor ASG Software - Transform your IT Organization now! ISC2 - Network Security Solutions Guide		Infoblox - The Costs and Impacts of DNS and IP Address Management Riverbed - Virtualization Solutions Guide Armstrong - Delivering Actionable Enterprise Architecture HP - HP StorageWorks products-control, consolidation and confidence. Vision Solutions - Solving Downtime Challenges to Manufacturing and Supply Chain Operations Oracle - The Top Three Ways to Cut Costs in 2009 HP - Predict the future with HP Insight Power Manager HP - Affordable technology-no compromise. HP server solutions. Motorola - The Enterprise Mobile Messaging Benchmark Report Data Domain - IDC Workbook: Assess the Value of Deduplication for your Storage Consolidation Initiatives Vision Solutions - Real-Time, On-Demand Information for Business Intelligence and Data Integration Samsung Printing Solutions - control workflow, costs and operations Check Point - Check Point Endpoint Security White Paper Get to know - BlackBerry Professional Software-find out more Oracle - Oracle Universal Content Management Oracle - Information Workplace Platforms: Oracle vs. Microsoft Oracle - Performance Monitor: ERP at the Speed of Light Sony - Discover the advantages of Sony LTO media at sony.com/lto. Sun - Virtual Machines: Sun's xVM Virtualization Portfolio Verisign - The Latest Advancements in SSL Technology CA - Plan IT better, Manage IT better. CA - Manage your IT more effectively. Intel - Processor-enabled Virtualization. That's IT as it should be. Microsoft - Get the virtualizing power of Windows Server 2008 with Hyper-V Microsoft - Microsoft SQL Server 2008. Read Case Studies & Try for Free Microsoft - Learn about the software-based VoIP solution from Microsoft. Oracle - Nucleus Report: Who's ready for SMB? Qwest - Learn how Qwest voice and data solutions can save you time.

	HOME NEWS BLOGS PODCASTS VIDEOS TECHNOLOGIES TEST CENTER EVENTS	About \| Advertise \| Awards \| RSS \| Contact Us
Copyright © 2008, Reprints, Permissions, Licensing, IDG Network, Privacy Policy, Terms of Service. All Rights reserved. InfoWorld is a leading publisher of technology information and product reviews on topics including viruses, phishing, worms, firewalls, security, servers, storage, networking, wireless, databases, and web services. CIO :: ComputerWorld :: CSO :: Demo :: GamePro :: Games.net :: IDG Connect :: IDG World Expo Industry Standard :: IT World :: JavaWorld :: LinuxWorld :: MacUser :: Macworld :: Network World :: PC World :: Playlist TecChannel :: TecCommunity