Exploit Risks for Competitive Advantage


Late last month, Grey Head Media and Ernst & Young India co-organized their first Dynamic CISO Summit in Mumbai, with a clear focus on getting real-life teachings from top security practitioners in the country.

During the conference, a few CISOs from more evolved organizations were of the view that depending only on technical skills will not make security relevant to the business.

"We need to look at risk from a positive side and if risks are not taken, we will lose on opportunity," said Felix Mohan, CISO, Bharti Airtel.

Vishal Salvi, CISO, HDFC Bank, was of the view that security professionals need to engage with other functions as business risk managers and not merely focus on tools and technologies.

This week, RSA, The Security Division of EMC, released the latest Security for Business Innovation Council (SBIC) report that echoes the views of these CISOs.

The Council has come up with five recommendations for organizations to move information security programs forward and help business groups exploit risk for competitive advantage:

Shift Focus from Technical Assets to Critical Business Processes

    Expand beyond a technical, myopic view of protecting information assets and get a broader picture of how the business uses information by working with business units to document critical business processes.

Institute Business Estimates of Cybersecurity Risks

    Describe cybersecurity risks in hard-hitting, quantified business terms and integrate these business impact estimates into the risk-advisory process.

Establish Business-centric Risk Assessments

    Adopt automated tools for tracking information risks so business units can take an active hand in identifying danger and mitigating risks and thus assume greater responsibility for security.

Set a Course for Evidence-based Controls Assurance

    Develop and document capabilities to amass data that proves the efficacy of controls on a continuous basis.

Develop Informed Data Collection Techniques

    Set a course for data architecture that can enhance visibility and enrich analytics. Consider the types of questions data analytics can answer in order to identify relevant sources of data.

The report, titled Transforming Information Security: Future-Proofing Processes, found that business groups within organizations are taking greater ownership of information risk management; however, outdated security processes are hindering business innovation and making it difficult to combat new cybersecurity risks.

"There is absence of any capability to measure cybersecurity preparedness. Organizations need to utilize alternative means and sources to check their defenses," stated Burgess Cooper, Vice President, Information Security at Vodafone, during the Dynamic CISO Summit.

About Author

Ashwani Mishra

Ashwani Mishra is a former Executive Editor at DynamicCIO....
