I’ve shared my thoughts on questions that CIOs ought to ask themselves – whether it be about their priorities, how they deal with information, engaging with the CMO or innovating the planet by 2020. But the dialog referenced in the HP Discover BB3219 session on Security 101: Five questions CIOs should ask of their CISOs raises a different vantage point in my mind. Like many other strategies, there isn’t a single security strategy that fits all enterprises. It behooves the CIO to ask the CISO key questions that address the security concerns pertinent to the given enterprise. A conversation driven by the CIO with the CISO is likely to surface the right concerns, so that they can strike the balance that best fits their enterprise.
Corporate America says data security is now the main concern in the boardroom when it comes to legal considerations, says Antony Savvas in this ComputerworldUK article, titled US boardrooms wake up to data security. This position is based on a survey of 11,000 public company directors and 2,000 general counsels who rank data security as their top corporate fear. "We had better get security right," says HP Security Strategist Mary Ann Mezzapelle in her keynote at the recently held Open Group Conference at Newport Beach, CA. Mezzapelle asserts that proactive risk management is the approach that most effectively combats the rising concerns across various dimensions of security. But how proactive can enterprises be?
Enterprises view the adoption of standardized security frameworks as a panacea, addressing the challenges posed by our adversaries in the world of security. But are these security frameworks adequate? Do they inherently combat innovative criminal minds, which are constantly at work planning the next wave of attacks? Art Gilliland, Senior Vice President and General Manager, HP Software Enterprise Security Products, says these frameworks are not only inadequate, but also set a low bar for enterprises, giving the enterprise a false sense of security. This message comes across loud and clear in Gilliland’s preview of his session on "Criminal Education: Lessons from the Criminals and their Methods" at the 2013 RSA Conference.
The annual RSA Conference brings together a wide array of perspectives from industry leaders in security. As such, it functions as a bellwether for all things security. Like other conferences, the keynote abstracts characterize the major themes in the conference, providing us valuable insight into the current and future state of security.
Hello Enterprise IT. This is Data.
Remember when I introduced myself? I asked you to realize the big picture. Then I introduced my new master. I also alerted you to changes that may be needed to your job. Today I want to warn you that I am easily prone to falling prey to hackers on the prowl who misuse me in innovative ways. And remind you that I look to you – Enterprise IT – to protect me like you would protect your most valuable asset.