A new global organisation was set up this month to bridge the gap between IT, business staff and company boards on incident response planning in large organisations.
Called the Corporate Executive Programme (CEP), the initiative is being driven in the UK by Claudia Natanson, chief information security officer at drinks company Diageo, and John Lyons, who until earlier this year ran business liaison for the National Hi-Tech Crime Unit.
The CEP has emerged from 16-year-old global IT security organisation the Forum of Incident Response to Security Teams (First). It plans to hold its opening UK conference on 11-12 May at Gleneagles in Scotland.
The event aims to bring together IT security specialists, board directors and senior business people to discuss the biggest risks facing businesses in the next 12 months.
Between now and the conference the CEP is setting up a Global Risk Index listing the top business and IT-related threats to companies. This will be compiled from consultation with top security, risk management and business people.
"CEP is unique because it breaks down vertical silos," said Lyons. "If I want to have a relationship with a bank, I need to know 6 or 7 people - HR, finance, operational and risk management people, for example, many of whom do not talk to each other. We are providing an umbrella across the enterprise covering end-to-end risk."
He added that chief executives tend not to compartmentalise IT risk; it is seen as part of the broader range of external threats to an organisation, such as floods, terrorism and bird flu.
Providing a common meeting ground to discuss all areas of risk will help IT security directors get their points across to the business, Lyons said.
"We are helping those responsible for technology to have a better idea of what is on board members' minds. They need to be addressed in relation to what is on their minds. They think in terms of growth, delivering customers, and building a more safe and secure business," he said.
The Gleneagles conference is expected to draw about 40% of its delegates from the IT world. They will mix with other business people concerned with global risks.
One highlight of the Gleneagles conference will be a set-up in which attendees put together proposals about global risks and use them to warn board members of major organisations. The board members will then give the attendees a grilling on their proposals, said Lyons.
What is First?
The Forum of Incident Response to Security Teams (First) was set up in 1990 to help enable a co-ordinated response to internet worms. It has 188 corporate members worldwide.
First brings together computer security incident response teams from government, commerce and academia. Members include ABN-Amro, Boeing, Cable & Wireless, Commerzbank, Ernst & Young, Goldman Sachs, Hitachi, IBM, Intel, MIT, Microsoft, Merrill Lynch, Nortel, Nokia, Qinetiq, Royal Bank of Scotland and Royal Mail.