CSO: the art of catching the board's ear
18 June, 2012 11:53
The Cloud genie is already out of the bottle
Whether or not you agree with Google’s answer to security, it is clear that Cloud computing, private and public, is accelerating, and because of that CSOs must consider new approaches to security.
“Cloud computing is making clear the need for companies to rethink their approach to security,” says Dimension Data’s Da Silva.
“Performing Cloud computing ‘security readiness’ assessments with different customers, I have noticed a lack of awareness of required security architectures, governance and operational security controls to allow enterprises to leverage Cloud computing.”
The ones that had were mature and “doing the basics right”, such as managing application security, information life-cycle, encryption, incident response, business continuity management / disaster recovery (BCM/DR), identity access management and governance.
“You are not going to give the keys of your kingdom to someone. Before you do, assess your provider’s capabilities,” says Da Silva.
But it may be too late to react since it’s happening already, says Securosis’ Rothman, who expects CSOs to face increasing difficulties managing Cloud computing deployments.
“CSOs can try to get ahead of Cloud deployments by having discussions about the potential risks with engineering managers. But in reality, Cloud stuff is already happening within almost all enterprises. So, it’s a matter not so much of putting the genie back in the bottle, [but] rather figuring out what’s already out there and calibrating the risk.”
Comments
Mark Hatton
1
While a company’s safety can depend on improving communication between the CEO and CISO, as this article says, our recent survey found that 36 percent of CEOs don’t deem it necessary to get IT security briefings. Check out our CORE Security blog post here for more findings: http://bit.ly/MAAnfy
Andre Fernando Da Silva
2
IT and Information Security Management practices have come a long way in improving the way security is planned, assessed and managed, but still depend on people to communicate well to ensure organizations achieve the best from it. That means security professionals at all levels need to mature their skills in how to communicate and set the tone which makes sense for specific organizations. The IT/IS Security Business Case is a good place to start learning the language.
Organization culture plays a critical role and if you don't align well with it I would say you should keep investing in building internal relationships. Find the right people to help you sell the message. Use spies to tell you how best to communicate with senior managers. It is not an exact science and our job is to be creative and optimistic, keeping the focus on our success.
In my experience working with different industries and cultural backgrounds, I have to say that there is no recipe that fits all organizations. I would recommend our community to be open-minded and to listen to every organization we work with and be willing to adapt and change our practices to win the game.
Start assisting your organization or customer on enabling efficient communication between the board and directors. The Security Committee Charter must be in your priorities.
Andre