CSO 2.0: How to take your security program to the next level
CSO - Information security is changing rapidly. At each new security conference it seems as though there are almost twice as many new tools and new vendors as at the previous edition. Security incidents are occurring more often and with increased financial or reputational impact.
At the same time, resources for security and IT remain nearly constant. How do we do more with less? How do we govern in a rapidly changing environment? How can we be more in tune with the needs of the business and make security a driver of change rather than a box to check? To take a page from a popular ad campaign, here's a look at some key elements for CSO 2.0s to have in their wallet for success in 2014 and beyond.
Little to no understanding of what makes the business tick
Focused on securing the external network only
Remains within the information security domain
Metrics and reporting to the business are primarily technical and security-based
Relies on anti-virus and security technology only
Adds new security tools because they are trendy and everyone is doing it
Engages with and understands the business: Is in close touch with peer business leaders and has touch points and feedback loops across multiple levels of the business organization
Metrics that the business can understand, risk-based and tied to dollar amounts: Aligns security objectives with business goals, even trying to make security a driver for more business
Treats the external and internal network as hostile: With the proliferation of mobile devices and APT, the internal network must be treated as being as hostile as the external one; add SSL for critical internal websites as you would on external sites
Proactive focus: Focuses on proactive security measures such as security training and continuous security scanning of production systems
Risk- and compliance-based approach to information security: Finds the right mix of security tools to address business risks and non-security tools such as legal agreements for risk mitigation
Holistic information governance approach: Works across the board with other data governance stakeholders such as privacy, compliance and legal to create a cross-functional approach to data, information and asset governance
What CSO 2.0 tips do you have in your wallet that you'd like to share? Please comment.
George Viegas, CISSP, CISA is Director of Information Security at a leading multinational information and media company based in Los Angeles.