Constitute a security team - Benefit is a single point of accountability
Most start-ups do not have a security team. The rationale is that if the company is small, there is no need for security. On the contrary, the smaller the company, the higher the risk of competitive threat due to loss of proprietary information. Smaller companies are ill-equipped to handle security incidents, which makes them even more vulnerable. Companies, big or small, need a single point of accountability for security. It is a good idea to constitute a security team consisting of core members whose full-time job is security, plus other cross-functional members. The security team should be headed by a Chief Security Officer (CSO) who reports to the CIO. The CSO is accountable for security in the company. The alternative is to have the CSO report to the CEO, which gives the CSO more leverage and lets the CSO implement security without being biased by the CIO's office.
Thought #1 - Should venture firms fund a start-up company without a security team?




