Security Technology Executive, June 2007
A New Vision for Enterprise Security Convergence
The Unification of Security, IT and Enterprise Risk Management Drives the Process
By Ray O'Hara, CPP Garda/Vance
The term “cyberspace” was coined by science fiction writer William Gibson in his 1984 novel Neuromancer, which depicted the world soon to be forged by the Internet as a “Wild West” of lawlessness, chaos and crime. In a 1994 interview, Gibson joked that cyberspace is “where the bank keeps your money.” For security professionals in 2007, cyberspace is perhaps best defined as the place where companies now keep their most valuable assets and where security skills and services are in need as never before.
The implications of the new definition of cyberspace are profound and far-reaching. Today's modern corporation has no real physical boundaries. Sure, the brick-and-mortar facilities still exist, but the most valuable business assets are no longer confined within a physical space or in a locked filing cabinet. Companies now inhabit a virtual universe that banishes space, time and all conventional notions of what is secure and what is at risk.
Hardly a day goes by without new reports of just how vulnerable these boundary-free companies are. Millions of credit records are hacked from a major department store, which waits more than a year to report the loss. Government laptops loaded with confidential IRS and Veterans information are reported missing or stolen, with blame assigned to lax or absent procedures. Global networks of cyberthieves electronically establish new identities and defraud millions of dollars of purchases. The term “identity theft” is on everyone's lips. Millions of people hold their breath while scanning their latest credit card statements looking for fraudulent charges.
If there is a silver lining to the current escalating spiral of cyber-crime, it is that things are reaching a crisis point that will force constructive changes. Companies and government agencies are bracing for lawsuits and class-action claims due to their inability to protect and keep confidential customer information. Customers are refusing to shop at companies that report loss and/or theft of confidential customer information.
Corporations are beginning to respond to the growing menace of cybercrime with a new comprehensive approach. Enterprise Risk Management is an emerging discipline that has grown out of the world of financial management. It approaches risk management from a holistic perspective – one that can potentially integrate traditional security with information technology (IT) departments and, more importantly, elevate the process to the highest levels of company management where the concept of traditional risk management is well-established and respected.
Badges, Bytes and Beans – A Trinity of Convergence
While the convergence of security and IT has been underway for some time, new developments are both accelerating the process and elevating it to the senior-management level. This is a tremendously positive development for security professionals and for the emerging role of Chief Security Officer (CSO). The three groups engaged in this emerging discipline of comprehensive, enterprise-wide risk management are not strangers. In many respects they are former adversaries, operating in different spheres of their corporate environments with somewhat competing agendas.
One of the challenges facing today's security professionals is to learn the language of bytes and beans and understand how those disciplines interconnect with their own. With that comprehensive perspective, security professionals at all levels can effectively leverage their roles and assume a key role in enterprise risk management.