CISO: Getting Serious About Security
Getting this type of information assurance means setting policy to ensure security. “Any organization’s security policy forms the baseline for the organization’s security posture, as the policy lays out what is and isn’t permissible,” Klawans said. “Security policies set out the expectations against which compliance can be measured.”
As ISOs and CISOs become more prevalent, certifications become more of a necessity. Klawans is a Certified Information Systems Auditor (CISA), a Certified Information Security Manager (CISM) and a Certified Information Systems Security Professional (CISSP).
“Most often they [companies] seem to be looking for a CISSP,” he said. “Often they will be open to others such as the CISA or CISM, but it’s become important in this position to be certified.”
The role of CISO or ISO is vital today, but will become even more so in the future, as systems and data storage proliferate and identity theft and privacy invasion rise.
“There is such a reliance on information systems,” Klawans said. “We are trying to reduce paper as much as possible. Well, you start putting medical records onto electronic media, and if there’s no paper record, what happens when the systems aren’t functioning? That’s where the whole availability notion comes in, as well as keeping [that information] confidential and maintaining the integrity of [it]. We’re trying to address that, and I’m sure it’s something that not just health care [but] all organizations are facing.”
– Lindsay Edmonds Wickman, firstname.lastname@example.org