"[Organizations] are under attack almost daily from various sources on the Internet," says Ron Baklarz, CISO (chief information security officer) of the American Red Cross in Falls Church, Va. But, despite the recent releases of professionally scripted viruses as well as DoS (denial of service) attacks and other hacker attacks, it is the aftermath of Sept. 11 that has moved information security to the top of the board's agenda, says Allan Paller, director of the System Administration, Networking, and Security (SANS) Institute, a professional information security association and certification provider in Bethesda, Md.
With closer scrutiny from boards, these information security executives are under a new kind of pressure, Paller says. Boards want someone -- a CISO -- who can ensure systems and information security, balance IT functionality, and be held responsible for any weaknesses.
CISOs first rose to prominence in the armed forces and then in the financial services sector where information security weaknesses -- from system downtime, hacking, and fraud -- have a direct and definable impact on corporate profits and losses. "Security is part of their bottom line," says Dave Juitt, chief security architect at Bluesocket, a …