Monday, 2 May 2016
Security Governance Ripples from Target Breach
In the wake of the Target breach, CEO Gregg Steinhafel stated that he is "elevating the role" of the company's chief information security officer and hiring from outside the company to fill the position. According to this NY Times article from early March, bringing on a new CISO will help Target centralize the company's security responsibilities.
And while the timing is coincidental, I owe Schweitzer Engineering Laboratories' Sharla Artz thanks for pointing out that Wisconsin-based electric utility Alliant Energy Corp just made a similar move. For me, there are several promising parts to Alliant's announcement at the recent EnergyBiz conference that it had just:
Created an executive-level opening ... for overseeing cyber and physical security. The position was designed to bring cyber issues out of the weeds of the IT shop, where CEOs generally don't tread.
What I like best about this is:
The company didn't have to endure a huge security incident to justify this change to the org chart
The position is clearly not going to be buried in an IT silo, so it should have authority to set security policy across IT and OT
Reflecting a convergence that's happening in many energy enterprises, this new security exec will oversee both cyber and physical security
Hopefully we'll see more utilities make similar moves ... and soon.
Credit - http://smartgridsecurity.blogspot.com/2014/03/security-governance-ripples-from-target.html