Editor’s Note: This post is from regular contributor Norman Katz, Sourcing Innovation’s resident expert on supply chain fraud and supply chain risk. Catch up on his column in the archive.
First, my apologies to any college basketball fans who are thinking this post will be discussing hoops. I get about 15 different business magazines each month; they are a very useful resource for keeping up with what’s going on in the world.
In the March 2009 edition of Inbound Logistics, the top 12 corporate ethics and compliance concerns of executives surveyed were listed. Product Safety & Liability came in at # 6, with Information Security and Financial Integrity last at numbers 11 and 12 respectively. Anti-bribery, Conflicts of interest & gifts, Anti-trust contact with competitors, Mutual Respect, and Records Management beat Product Safety & Liability. Information Security and Financial Integrity was bested by Privacy, Proper use of computers, Export Controls, and Careful Communication.
Hmmmmm … I’m a little more concerned for my own health and safety now, I think.
In the March 30, 2009 edition of Information Week, 400 respondents to the senior management top security priorities survey showed that 35% of respondents are concerned about protecting data from outside hackers, and 18% are concerned about protecting data from unauthorized employee access.
In the April 2009 (well, it’s close enough to March) edition of CSO Magazine, 1000 ex-employees were surveyed about data security: 79% said they took data without their employer’s permission, with 59% admitting outright to stealing data, and 82% said that employers did not perform audits prior to their dismissal. (24% also stated that they had system access after dismissal.)
Okay…..with Information Security and Financial Integrity ranked so low in the area of concerns, and employers more concerned about outside hacks than inside theft (by a 2:1 ratio), is it any wonder that so many employees were able to steal data before and possibly even after their dismissal?
The distribution of intellectual property – customer lists, item prices, suppliers & costs – can cause serious competitive harm to an organization, so much so that it could suffer serious impacts to financial performance.
Protecting an organization from leaking data requires internal and external focus, and I submit that it takes two different groups of talented people to properly address each security vantage point. Protecting the network infrastructure via the use of hardware & software firewalls, anti-virus software, spam monitoring, web site filtering, data copying & transmission prevention, etc., are tasks best left to the folks who are experts in network infrastructure hardware and software. Identifying gaps in business processes and excessive application user rights & roles – especially those that contradict a person’s job description – are best left to business systems analysts and the folks who are in charge of business software application functional administration.
Taking this a step further, I have long wondered why CIO’s (Chief Information Officers) are given responsibilities better designated for CTO’s (Chief Technology Officers). In my opinion, this is an ideal separation of responsibilities. Working separately the CIO and CTO can focus their talents and resources on their individual areas of expertise. Working together, the CIO and CTO – and their respective teams – can ensure that any solution presented for the enterprise satisfies the business need and works within the technology standards established. (And if the right solution requires standards changes or other enhancements, let the right group handle it.)
What do you think readers? Is it better to have a CIO and CTO working together in mutual collaboration, or keep all technology tasks – from network infrastructure to business applications – under one C-level executive?