
Paper maker documents key IT security issues

By Bob Brown, Network World, 03/28/2005

James Cupps, a former network engineer and information security officer for the U.S. Navy, is now on his second tour of duty with Sappi Fine Paper North America, a division of a $4.7 billion South African manufacturing company. Cupps, the North American division's information security officer and Sappi's global security lead, recently shared his thoughts with Network World Executive News Editor Bob Brown.

Give us a feel for your job responsibilities and the company's network.

Overall, we have 20,000 employees but only about 10,000 systems that are spread over several hundred subnets. In North America, we have about 3,000 systems and about 4,000 employees. We have offices on six continents, with large-scale manufacturing presence on four. I am responsible for network and application security including segregation of duty in our ERP system, anti-virus, edge protection, disaster recovery, policy creation and enforcement, regulatory compliance/[Sarbanes-Oxley] and business continuity.

What's the most underappreciated aspect of your job?

Building interregional and interdepartmental consensus.

How is overseeing IT security at a corporation different than in the military?

Believe it or not, you can make decisions more quickly and get them enacted faster in a company. There is more focus on disaster recovery/business continuity in a business and more focus on edge security and general data classification/protection in the military. Other than that, there are a lot of overlaps.

On one hand more threats, from viruses to phishing to spyware, are hitting networks. On the other hand, more money is being sunk into security companies and more tools are coming out. Is it getting any easier to sleep at night?

Actually, yes. The bad guys are definitely getting better, but so are the vendors. Some of the newer [intrusion-prevention system (IPS)] mechanisms are quite easy to deploy and manage and are remarkably resilient. If you implement them in a smart-layered architecture the cost isn't much higher than what we have seen over the last several years. Add to that the fact that executive management is giving the area substantially more attention, and it is finally possible to get real problems fixed. There are a lot of tools, strategies and mechanisms for dealing with rights issues such as [separation of duties] now that had to be performed manually - or more likely not at all - just a few years ago. There are still a few things that worry me. Process-control security is getting a lot more attention but still needs more work from manufacturing companies and the makers of the equipment. This is the infrastructure that allows actual physical control of machinery and plant equipment.
