CSO: the art of catching the board's ear

Being a propeller head might get you so far in security, but it will be a security leader's finesse, business nous and human touch that will ensure security programs succeed.
Page:

Security investments that enable business

If security is to be viewed by CIOs, business unit leads and the board as a worthwhile competitor amidst other much larger technology projects, there will need to be a compelling argument behind it.

Girn believes the next security technology that has this quality for the enterprise is identity management. 

“Over the next few years, I think the main area where security can contribute is this whole concept of how to do identity management across mobile payments and the internet — the number of log-on IDs people need is amazingly high.

“That’s the next opportunity for some firms to work out how to allow access in a convenient way for customers. You need a log-on and a password for accessing online services and each of these require a different format. 

“Some want lower case, some want capitals, some want one numerical, some want two numericals. It’s actually creating the reverse effect of security in that people are writing down their 10 logons for internet services on a post-it and keeping it in their wallet,” says Girn.

It’s not just tech titans like Microsoft, Yahoo and Google that are considering the challengeof single-sign on to reduce complexity. 

“ Even companies themselves have struggled with creating consistent logons for their customers,” says Girn. However, he notes where it has been achieved, albeit only for parts of an organisation, it has delivered benefits.

“Where firms have standardised on a common approach, for example a bank across wealth, retail and trading services, it’s actually had a very positive effect on customer experience, convenience and security; one entry point and one log-on with an ability to navigate across services inside the organisations online offerings.

“So, the business opportunity is there for how you do that across the internet, covering services from banking, retail, travel and many others. A common industry approach on this would be a huge step to securing companies better, and enabling service that’s more convenient,” says Girn.

Page:

Comments

Mark Hatton

1

While a company’s safety can depend on improving communication between the CEO and CISO, as this article says, our recent survey found that 36 percent of CEOs don’t deem it necessary to get IT security briefings. Check out our CORE Security blog post here for more findings: http://bit.ly/MAAnfy

Andre Fernando Da Silva

2

IT and Information Security Management practices have come a long way improving the way security is planned, assessed and managed, but still depends on people to communicate well to ensure organizations achieve best from it. That means, security professionals in all levels need to mature skills on how to communicate and set the tone which make sense for specific organizations. The IT/IS Security Business Case is a good place to start learning the language.

Organization culture plays a critical role and if you don't align well with it I would say you should keep investing in building internal relationships. Find the right people to help you selling the message. Use spies to tell you how best to communicate with senior manager. It is not an exact science and our job is to be creative and optimist keeping the focus you our success.

In my experience working with different industries and culture backgrounds, I have to say that there is no recipe that fit all organizations. I would recommend our community to be open mind and to listen from every organization we work with and be willing to adapt and change our practices to win the game.

Start assisting your organization or customer on enabling efficient communication between the board and directors. The Security Committee Charter must be in your priorities.

Andre

lyricsjfal

3

Lyrics can be tricky to find, but not anymore with http://www.lyrzoo.com
This easy to use Lyrics search engine contains extensive database of over 700000 song Lyrics.
You can seach <a href=www.lyrzoo.com> Lyrics </a> database by song or artist.
Make sure you share it online and perhaps contribute to the website with new Lyrics.

Comments are now closed.
CSO Corporate Partners
  • Webroot
  • Trend Micro
  • NetIQ
rhs_login_lockGet exclusive access to CSO, invitation only events, reports & analysis.
CSO Directory

Enterprise Security for Endpoints

Think your endpoints are secure? Think again. Learn why Trend Micro can help.

more »

Submit your own security event

Submit your training courses

Security Awareness Tip

Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).


  1. Have an incident response plan.

  2. Pre-define your incident response team 

  3. Define your approach: watch and learn or contain and recover.

  4. Pre-distribute call cards.

  5. Forensic and incident response data capture.

  6. Get your users on-side.

  7. Know how to report crimes and engage law enforcement. 

  8. Practice makes perfect.

For the full breakdown on this article

Security ABC Guides

Warning: Tips for secure mobile holiday shopping

I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.

Read More
more »