ABSTRACT

This chapter explains the critical nature of technology as part of the security discipline. It discusses two common, and ultimately failing, styles of security management: security by compliance and security by vendor. The chapter describes the security function, as embodied by the Chief Information Security Officer (CISO), as sliding underneath all the various business units and joining the person who is already there, the legal counsel, in making sure that there are no cracks in the foundations. Indeed, the CISO is simply the modern incarnation of another highly respected business-wide support function, the one embodied by the legal counsel. The legal department addresses legal and liability risk; security addresses data and technology (and related liability) risk. Security leaders, like COOs, have a natural tendency to "listen to the heartbeat" of operations: to optimize the management of routine tasks and to detect when those tasks exhibit or develop unexpected weaknesses.