Breaches help bend ears of execs

Powered by SC Magazine
 

Make your CEO security savvy.

The importance of security is sinking into the minds of executives following the recent uptick in breaches, experts say.

Panelists at the RSA 2012 conference in San Francisco said security pros must be ready to field questions from C-level executives about the state of security.

They also had to effectively explain threats to their bosses and make a case for budget, according to Computer Sciences Corp global CISO David McCue.

Accenture security consulting head Bill Phelps said many non-technical executives formerly had little awareness of what cyber threats meant to their organisation.

“The discussion around probability and consequences has changed,” he said.

eBay CISO Dave Cullinane said other CISOs should improve communication of security threats to their CEO. He said this would help prepare directors to speak with the press in the event of an incident.

“We have to quantify the risk posture and have a good discussion around risk tolerance to demonstrate ROI in reducing fraud and the number of incidents,” he said.

Gary McAlum, CSO of US insurance firm USAA, said security pros can talk about breaches and compliance regulations in the board room, but when it comes down to the bottom line, reputation and brand are the drivers.

“We need a continuing process of education,” he said. “Otherwise there are significant consequences.”

Eddie Schwartz, CISO at RSA, which itself experienced a high-profile breach last year, said discussions with higher-ups need to be more business-oriented so as not to baffle executives with a lot of jargon.

While security people understand incident management, crisis management is an entirely different beast, he said. At RSA, a team was put together to gather analytics to show the impact of the breach, and to look at all sides of the situation.

As for what needs to be done to thwart future attacks, Cullinane said security pros must stop reacting to external attacks and instead get in front of the economic model that cyber criminals use. That is, by observing attackers' patterns of attack, they should be prepared to know where and how those attackers might try to breach their next target.

Further, security personnel need to change their behavior to develop stronger instincts about what looks “off,” Phelps said.

“People need to become more attuned to security risks,” he said. “We have to change culturally.”

This article originally appeared at scmagazineus.com

Copyright © SC Magazine, US edition

