Journey through Enterprise IT Services
In Journey through Enterprise IT Services, Nadhan, HP Distinguished Technologist, explores the IT Services industry, and discusses technology trends in simplified terms.

Are CIOs posing the right questions to the CISOs?

I’ve shared my thoughts on questions that CIOs ought to ask themselves – whether it be about their priorities, how they deal with information, engaging with the CMO or innovating the planet by 2020. But the dialog referenced in the HP Discover BB3219 session on Security 101: Five questions CIOs should ask of their CISOs raises a different vantage point in my mind. Like many other strategies, there isn’t a single security strategy that fits all enterprises. It behooves the CIO to ask the CISO key questions that address the security concerns pertinent to the given enterprise. A conversation driven by the CIO with the CISO is likely to surface the right concerns, so that they can strike the balance that best fits their enterprise.

 


This HP Discover 2013 session delves into this dialog, while describing a security maturity model to help enterprises assess their security capabilities. So what are the questions the CIO ought to pose to the CISO? Here is a starting list you can expand upon:

 

1. Are our frameworks secure enough to combat the criminal minds?

Enterprises tend to view the adoption of standardized security frameworks as an adequate measure to address concerns. However, these frameworks themselves only serve to give a false sense of security in a world where the criminal mind is steps ahead.

 

2. Are we taking the right steps to address board-level security concerns?

Data security concerns have escalated all the way to the board of directors, based upon this survey cited in a ComputerWorldUK article. Proactive risk management is vital to address today’s security concerns. Enterprises must be steps ahead of their adversaries in planning their next move in the game of security.

 

3. What are the conventional and non-conventional techniques adopted to identify the criminal mind-set ...?

Unconventional techniques, such as application of gamification methods and psychological analysis, are augmenting the more conventional techniques today. Benchmarking ourselves in comparison with our peers is another effective approach.

 

4. How are we estimating the cost of cybercrime to our enterprise?

There are multiple contributing factors here that can be characterized across Loss of Revenue and the Cost of Execution. Knowing this cost is essential to making the business case for the security measures adopted within the enterprise.

 

5. Guess who is responsible for Cloud Security? Guess again!

The ultimate responsibility of ensuring the security of the solutions deployed in the Cloud rests with the Enterprise that owns the overall solution.

 

Interestingly enough, the answers to these questions could vary from one enterprise to another. Nevertheless, posing these questions and having a healthy dialog is a key step to ensure that the right security measures are in place.

That’s my list. How about you? What other questions come to your mind? I also wonder about the points that will be made in the context of the security maturity model in this BB3219 session. Looking forward to engaging with you before the session.

 
