InsightaaS: Scott Lowe of Wikibon, the open source community of world-leading storage and solution analysts, weighs in on the balance that a corporate security office needs to strike between safeguarding information and enabling (or at least, not impeding) business progress. He notes that, "When done right, the CSO role is an integral part of an organization’s overall risk management architecture. When done wrong, the CSO role is an expensive paper pusher that could hold back key initiatives" - and goes on to articulate some of the practices that lead to these outcomes.
Regardless of organization vertical or size, security has been and will continue to be an incredibly important part of the risk management portfolio. It’s how security is handled that will determine the overall effectiveness of the chief security officer position, though.
The security spectrum
Security is generally seen as a spectrum. At one end of the spectrum is the wild west kind of environment. In the wild west, anything goes and security is an afterthought. In such environments, there is generally no security officer and every employee just does what they want when they want it. If there is any security, it’s left up to the individual. In these environments, employees can always get their job done thanks to the lack of red tape, but there is a high risk of downtime and data compromise.
At the other end of the spectrum is a place like Fort Knox, where there are multiple levels of firewalls, users don’t have any rights, and the security officer always says "No" to any request...