Feeds

Wannabe infosec kingpins: Forget tech, grab a clipboard

Ditch the debugger, bone up on biz risk management

Intelligent flash storage arrays

Budding chief information security officers (CISOs) would be better off boning up on business, communication, and risk management skills than getting bogged down in detailed discussions about technology, according to a panel of senior security professionals.

The overwhelming message from the InfoSecurity Summit 2012 in Hong Kong, was that CISOs need to be trusted and they need to add value, but most importantly they must understand risk in all areas of the business and then manage that risk proactively.

“The days of the CISO being technology-focused are over; the role is much more transversal now,” argued Jerome Walter, chief security officer Asia Pacific at French bank Natixis. “You should build relationships. Each department has different risk, different issues and you need to create an image of trust so they’ll come to you.”

Thomas Parenty, MD of fraud prevention firm Parenty Consulting, agreed, adding that security should never be approached out of context of the business.

“You need to deeply understand what the business does to be effective,” he said. “You need to better understand how the business operates more than you need to know about the security technology – that can be handled by someone else.”

This is not to say that CISOs should have no competence in technology, however, according to Dale Johnstone, who heads up security and risk management at the Hong Kong Hospital Authority.

“The fundamental principles of security have stayed the same over the years and a good CISO has to have enough understanding of technology to communicate with the tecchie people and the higher level management,” he explained.

“However, today they’re very reactive: fire-fighting and waiting for problems to happen rather than putting together an overall strategic plan.”

Trying to protect all the organisation’s information all the time can be challenging, especially when the bad guys can put all their resources into nabbing just one bit of it.

Thus, being able to discern “the pythons from the cockroaches” – or those attacks which could seriously damage a firm and those which aren’t so dangerous – is also a key skill, according to Vikalp Shrivastava, info security boss at casino group Melco Crown Entertainment.

There was one final piece of important advice for budding CISOs from Steve Tunstall, head of corporate risk at Cathay Pacific Airways: beware the regulators.

“What scares me is that data moves so fast. For many years our data was in mainframes, but over the past few years that shoe box has not only become porous, now it’s disappeared,” he argued.

“I don’t know where half the stuff is now. Regulators are slow to catch on but when they do the penalties are getting worse and worse. If you’re not alive to the latest changes in penalties you will be when a writ arrives on your desk.” ®

Top 5 reasons to deploy VMware with Tegile

More from The Register

next story
Ex-US Navy fighter pilot MIT prof: Drones beat humans - I should know
'Missy' Cummings on UAVs, smartcars and dying from boredom
Facebook, Apple: LADIES! Why not FREEZE your EGGS? It's on the company!
No biological clockwatching when you work in Silicon Valley
The 'fun-nification' of computer education – good idea?
Compulsory code schools, luvvies love it, but what about Maths and Physics?
Happiness economics is bollocks. Oh, UK.gov just adopted it? Er ...
Opportunity doesn't knock; it costs us instead
Doctor Who's Flatline: Cool monsters, yes, but utterly limp subplots
We know what the Doctor does, stop going on about it already
'Cowardly, venomous trolls' threatened with TWO-YEAR sentences for menacing posts
UK government: 'Taking a stand against a baying cyber-mob'
Sysadmin with EBOLA? Gartner's issued advice to debug your biz
Start hoarding cleaning supplies, analyst firm says, and assume your team will scatter
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Cloud and hybrid-cloud data protection for VMware
Learn how quick and easy it is to configure backups and perform restores for VMware environments.
Three 1TB solid state scorchers up for grabs
Big SSDs can be expensive but think big and think free because you could be the lucky winner of one of three 1TB Samsung SSD 840 EVO drives that we’re giving away worth over £300 apiece.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.