CISOs hold the key to information security

5 areas CISOs must deal with as they create an information security strategy

Posted 704 days ago

Creating an information security strategy

From malicious individuals aiming to expose your organisation's information, to senior executives who demand that the CISO close every potential avenue of exposure on a limited budget, the job of protecting company assets has never been so challenging.

Maintaining an effective balance between risk and innovation is a tough challenge for the IT leader, especially in a modern, cost-conscious environment where individual spending on consumer technology is growing faster than the CIO's technology budget.

CISOs looking to create a security strategy for the business must address five key areas - data leakage, consumerisation, cloud computing, compliance and risk - and demonstrate how the IT leader really holds the key to information integrity in the digital age.

Data leakage and end-point security

Did you know?
The Open Security Foundation reports there have been 369 total security incidents this year, affecting as many as 126,749,634 records.

What can you do?
Data leakage is a cost the business cannot afford. Research from the independent Ponemon Institute suggests 84% of British, French and German businesses fell victim to a security breach at least once in the past 12 months, and for 44% of organisations the cost exceeded €250,000.

The Ponemon Institute suggests European business leaders must consider a more aggressive, systemic approach to security. Such a strategy must mitigate risk and include comprehensive, end-to-end protection at every point in the network, from end-points to servers and the links between them.

CISOs must work with trusted partners to carefully assess their potential pain points and relate them to the risk and business drivers of the organisation. Working with an external expert might seem a strange way to deal with the pressures of internal security, but a tailored, managed service will help you develop an effective business solution.

Consumerisation and the mobile workplace

Did you know?
Consumerisation is already here and is changing how your employees interact - as much as 49% of CIOs allow their employees to complete work tasks on personal devices, according to research from CIO magazine.

What can you do?
Giving workers increased access to enterprise information through a mobile device might seem like a potential security nightmare, but it does not have to be that way. And CISOs can be the key to helping the business cope.

The demand for bring-your-own computing and mobile devices that work alongside social networking tools means organisations must review both their short- and medium-term strategies. There is still much work to be done on IT strategy: researcher IDC reports that just 4% of European IT professionals believe their organisation has modernised its customer-facing applications to work with mobile devices.

Analyst Gartner suggests CIOs must build the next generation of mobile strategies to meet rising expectations from employees and customers. Such strategies should cover collaboration, multi-channel delivery and bleeding-edge innovations such as Near Field Communication, while still retaining the organisation's security policy and posture.

Cloud computing and the threat landscape

Did you know?
On-demand IT will quickly become mainstream, with analyst Ovum predicting that global spending on public cloud services will grow rapidly from £11.4bn in 2011 to £42bn by 2016.

What can you do?
Cloud is coming, but you cannot take its evolution in the enterprise for granted. The independent Ponemon Institute suggests more than half of United States organisations are already adopting cloud services, but only 47% believe those on-demand services are evaluated for security prior to deployment.

Worse still, cloud services are often introduced beneath the radar, without the watchful eye of the CISO. Ponemon reports that 50% of US IT professionals believe their organisation is unaware of all the cloud services currently deployed in the enterprise, and such neglect raises the spectre of unmanaged security risk.

A traditional security policy built around defending the network perimeter does not translate directly to cloud computing, where the infrastructure is owned and operated by a third party. The CISO will still be held accountable for security breaches and will need to ensure security is adequately addressed at the start of every business initiative. Security measures must be implemented in a controlled yet timely manner and should result in a common risk language across the organisation.

Compliance and regulatory concerns

Did you know?
Over half of financial services CIOs spend 30% or more of their IT change budget on regulatory compliance, according to research from consultant Xantus.

What can you do?
The ever-increasing regulatory burden is not confined to financial services CIOs; it is a challenge common to IT leaders across all sectors. Research from the security association ISACA suggests as many as 95% of IT professionals within major organisations consider governance to be important.

Key initiatives include the Payment Card Industry Data Security Standard (PCI DSS), with analyst Gartner estimating that PCI compliance costs organisations an average of $1.7m across a two-year survey period. Mobile and cloud computing create further governance headaches for CIOs charged with compliance management, because data is processed on devices and infrastructure the organisation does not fully control.

IT leaders must ensure the regulatory burden is fully understood. While ISACA research suggests as many as 70% of heads of IT are also members of the senior management team, that still leaves almost a third of CIOs in no position to influence security spending decisions at the boardroom table.

Risk and security hot spots

Did you know?
As many as 26% of Britain's mid-size technology companies are highly exposed to the risk presented by cyber crime, according to research from insurance company Zurich.

What can you do?
A thorough understanding of risk is set to rise in prominence on the CIO agenda. Researcher IDC reports that financial firms currently spend in the region of $56bn on risk technology, a figure set to grow by 7% through 2015, driven by the increased need for compliance and business demand for deeper analytical information.

CISOs aiming to deal with risk must strike a careful balance between utility and innovation while contending with disjointed data legislation around the world and the growing risk of operational disruption from infrastructure failures. CISOs must also help drive cost savings and efficiencies within the organisation at the same time as they face targeted threats such as economic espionage and the actions of disgruntled employees.

Rather than talking in technical terms, IT leaders must explain how failing to address a concern will lead to specific risks to the business, and tie that explanation to key business performance indicators. The CISO must use risk as the basis for implementing innovative IT solutions that secure the business, and should be fully prepared to advise the business on the cost of not implementing them.
