Widespread economic uncertainty and decreased budgets have forced top-level Information Security executives to utilize alternative technology and invest in the existing workforce creating an onslaught of new information security issues.
February 6, 2012, Albuquerque, NM- 2012 brings an unfamiliar set of challenges for Chief Information Security Officers (CISO). The troubled economy and increased economic uncertainty has led many to seek alternatives to doing more with less. However, new initiatives such as implementing more cost efficient technology, with cloud computing being top-of-mind for many executives, and investing in existing resources, like the workforce, come with a set of security and training challenges.
Guidelines to address these challenges were developed at EC-Council’s Inaugural CISO Executive Summit in December 2011. Over 40 prominent top-level executives from the private, public, and government sectors gathered to collaborate on information security (IS) best practices. The corporations and agencies included: IBM, Motorola, TransUnion, Abu Dhabi Securities Exchange (ADX), Sallie Mae, Blue Cross Blue Shield, Deloitte Touche, U.S. Department of Treasury, U.S. Army Reserve and Department of Defense. To view the full report complete with key takeaways or to attend or speak at upcoming CISO Executive Summits, please click here.
The information security topic of responsible implementation of cloud computing was one of the focus areas of the CISO Executive Summit.
Ben Eu, Program CISO at IBM, and Raymond Soriano, Director of Security Privacy Services and Cyber Threat Vulnerability Management at Deloitte Touche, served as co-chairs on the “Embracing the Cloud and Mitigating Surrounding Threats” panel discussion. Summarizing the panel discussion, they stated that in order to mitigate threats posed by the cloud, top IS professionals must:
Perform due diligence and consider satisfactory levels of Right to Audit and other measures within contracts.
Consult with business to understand the requirements and risk tolerance for cloud solutions.
Engage with Internal Audit to help support and drive additional control with cloud solutions applied for the organization.
Another challenge that awaits CISOs in the New Year is ensuring the IS team they lead consists of highly skilled professionals who are ready to mitigate risks associated with cloud computing and other technologies.
According to “The IT Skills Gap”, an article written by Andrew Horne, practice director at Corporate Executive Board, another one of the CISO’s most serious challenges is the lack of adequate skills in prospective and current IS employees. It is projected that demand for certain roles in the IS field will increase by over 200% within the next 5 years. Horne goes on to say that, “As key IT skills are in short supply, and the few people with those skills are not going to be pried loose from their current employers, the only option for CISO’s is to develop existing employees.”
Co-chairs of “Structuring and Managing Your Infosec Workforce”, Jerry Chappee, Chief Information Assurance and Operations Officer for the U.S. Army Reserve, and Jeffrey Vinson, Director and CISO of SecureNet Payment Systems, stated that one of the best ways to improve the skills of the existing workforce is by investing in certifications, “Leaders of the organization need to support their people and show them the importance of certifications. More specifically, how the certification directly supports the business and keeps information more secure.”
2012 will have its share of challenges and obstacles to overcome. The tough economic climate and mantra of “doing more with less” will prompt Information Security leaders to come together and share knowledge and ideas. It is the mission of the CISO Executive Summit Series to unite the top Information Security (IS) leaders across the world in the fight against cyber crime and IS threats, while providing a platform for continuous learning where the most recent IS threats and landscape evolution can be discussed and debated.
EC-Council is committed to providing Information Assurance Executive Professionals with the latest Information Security news and trends from the industry’s leading experts. Readers are also encouraged to look into EC-Council’s Certified Chief Information Security Officer (C|CISO) Certification and EC-Council’s CISO Executive Summit Series.
Marissa Easter Marketing Communications Specialist (firstname.lastname@example.org)
About EC-Council CISO Executive Summit Series:
EC-Council CISO Executive Summit Series strives to unite the top Information Security (IS) leaders across the world in the fight against cyber crime and IS threats, while providing a platform for continuous learning where the most recent Information Security threats and landscape evolution can be discussed and debated. Designed by EC-Council, the 1st in the CISO Executive Summit Series made its debut in Las Vegas, NV in December 2011. Due to the nature of the discussions, all CISO Summits are closed-door events open only to senior information security executives (C-levels, VPs, Senior Directors, etc.). http://www.eccouncil.org/cisosummit
The International Council of E-Commerce Consultants (EC-Council) is a member-based organization that certifies individuals in cyber security and e-commerce. It is the owner and developer of 20 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI), Certified Security Analyst/Licensed Penetration Tester (ECSA/LPT) and Certified Chief Information Security Officer (C|CISO). EC-Council has trained over 90,000 security professionals and certified more than 40,000 members. EC-Council’s certification programs are offered by over 450 training centers across 87 countries. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. Department of Defense via DoD 8570.01-M, the Montgomery GI Bill, National Security Agency (NSA) and the Committee on National Security Systems (CNSS). EC-Council also operates EC-Council University and the global series of Hacker Halted information security conferences.