Chief information security officers in Australia and New Zealand have told analyst firm IBRS that managing consumer-grade mobile devices in the enterprise is one of their top security concerns.
The preliminary results of 70-plus interviews between senior IT security executives and IBRS analyst James Turner have revealed that managing and securing mobile devices, particularly the iPhone, was a concern.
"Executives are getting them, bringing them into the workplace and asking to have them set up as though it was an enterprise-issued device," said Turner.
"There are a stack of issues around this, not least of which is the understanding that it's a consumer device and not built with enterprise utility in mind."
Turner said the penetration testers HackLabs, Securus Global and StratSec, with whom he has discussed the issue, were "scathing" of iPhone security, claiming it was "laughable".
"All they needed was physical access to the device and a laptop with some specific software on it.
"This is pretty serious for security professionals who are trying to protect their organisation's sensitive corporate data. Mobile phones are always being lost and the brand doesn't matter," he said.
Meanwhile, communicating risk to the organisation was also flagged as a top concern.
"Security professionals are continually dealing with the operational and environmental risks that the organisation has to address and then they have to identify these to business decision makers and recommend a path of action."
The top issues for CISOs in Australia and New Zealand, in no particular order, were:
1. Managing mobile users & mobile devices
2. Communicating risk to the rest of the organisation
4. Cybercrime & cyber-terrorism
5. Managing complexity
6. Managing the perimeter
7. Virtualisation and security
8. Managing information
9. Identity management
10. Managing vendors
11. Firewalls and architecture
12. Cloud and SaaS