Typically, when a cybersecurity problem arises, it’s the IT department that gets it in the neck. Ostensibly, that makes sense. After all, if someone is in your network mining your database for corporate secrets, it’s hardly the office manager or the accounts receivable department’s lookout, right?
Perhaps. On the other hand, there’s a case to be made that putting Canadian IT departments alone in charge of the cybersecurity budget and decision making may not be wholly effective. Some believe that carving out cybersecurity as a separate function could lead to better, cheaper information security overall.
John Lyons, chief executive of the International Cyber Security Protection Alliance, is one of them. For security to be a first-class citizen, it needs to have its own champion outside the IT department, he believes. “If you have a CISO reporting through a CIO or if you put the cybersecurity budget in the technology budget, then the security spend gets lost among other priorities,” he warned. “It's right to segregate out the expenditure on security as a discrete part of the overall spend in the company.”
Article complet : ici
Aucun commentaire:
Enregistrer un commentaire