
Sunday, 22 January 2012

Are CISOs about to become about a lot more than security?

The role of the CISO will evolve to become more of an overall communicator and business strategist.

Speaking this week at the press conference for the launch of this year's Infosecurity Europe show, Neira Jones, head of payment security at Barclaycard, said there is often a "panic first" response to security incidents, followed by a hire, such as with Sony.

Jones said: “The CISO now, from a topic-matter standpoint, must be more of a trusted advisor and use technology to enhance the business. They should be an analyst, a facilitator, a frontrunner and a thought manager. Which means that the perfect person must know the business priorities all inside the corporate security moral fibre.

“They ought to understand the business strategy, to be a strategist and a visionary, and not insular. They should take risks to satisfy business objectives and understand what the danger appetite is.

“A suitable CISO also needs undeniable credibility within the business, throughout the industry and with their peers. Additionally they should be an enabler of awareness and have the ability to influence others.”

Jones went on to say that the key capabilities are to teach and raise awareness, using the correct language.

Asked what percentage of CISOs already matched her description, Jones said she could "count all of them on one hand". She said: “In the past year there was a shift within the industry to risk management, and CISOs are privy to easy methods to manage risk in preference to controls.”

Speaking at the same event, Professor Kevin Jones, professor of dependability and security of socio-technical systems at City University London, said "better knowledge is wanted in any respect levels" as security professionals "ought to communicate and want people trained to provide issues to lots of levels".

He said: “The modern CISO needs to be comfortable within the modern space and manage conflicting requirements, but understand business risk and value implications and communicate that properly. An excessive amount of risk and the corporate fails.

“The CISO must communicate all things to all levels, that's a troublesome role as they need to speak geek and business fluently. We now have a cultural gap that we have to fill.”

City University London announced a two-year, part-time, eight-module information security master's course designed for current information security professionals. Additional information is available on the website.


