Thursday, February 26, 2015

Information Security Challenges: Conversation with a Fortune 500 CISO


Had an interesting conversation with the Chief Information Security Officer (CISO) of a major Fortune 500 corporation regarding Information Security a few days ago. The freewheeling conversation spanned many dimensions of the Information Security universe.
Information Security: The Public Posture. We exchanged some thoughts on what the public posture of large corporations should be on Information Security. One school of thought holds that making any public claim about a company’s security practices is as good as painting a bull’s-eye on one’s back for information thieves and hackers. Another holds that the more you establish your thought and practice leadership in this area, the more your customers and stakeholders value you and the more willing they are to pay a premium for your products and services. A fine line to walk for sure. The jury is still out on which is the better approach. A middle path should be the best course. Easier said than done, though, in a veritable minefield.
Information Security and The Internet of Things. Switching gears. One thing is for sure, though: the Internet of Things is here and is here to stay. The “Thing” can be a power plant just as it can be the toaster on your kitchen shelf. And yes, the devices the corporation makes are “Things” in the Internet of Things too. A network is only as strong as its weakest link, and we need to ensure that our devices do not become a point of entry for anyone with evil intentions. Not that people are not trying, though. See-saw battles between hackers and protectors are the order of the day. Government focus is on protecting the critical infrastructure elements that are now part of this Internet of Things.
Information Security and the Generational Dilemma. Another interesting dilemma is the ever-changing public perception of the nature of personal data and the security it needs. A Millennial, much more attuned to a “Sharing Economy” (think Uber, Airbnb et al.), has a different perspective on sharing personal data than, say, a Generation “X”er. And with a plethora of data leakages happening almost every day (the Anthem Insurance hack is one more in a long list), each one bigger than the last, the public is slowly getting desensitized, especially since there is no big direct economic impact for most individuals other than the slowly creeping cost of security, which gets passed on to the consumer, who does not feel the impact (“boiling frog” syndrome).
All interesting challenges, which keep the CISO and his team thinking even as they deal with other daily challenges, such as the malware-laden spam messages that target our mailboxes or building security approaches spanning the various entities that make up the organization.
