
The Changing Role of the CISO: Risks, Trends, and Disrupters

EIC_Services 07-17-2014 09:09 AM - edited 09-30-2015 07:05 AM

We all know the headlines: One week, it’s a string of major retailers in the U.S. Another week, it’s a healthcare provider that has lost control of patient records. Then there’s the breach of a major technology company. Over recent years, it’s hard to think of an industry that hasn’t had a significant compromise in security. Hardly a week goes by without a data security episode. In this HP report based on extensive interviews with experienced CISOs, we explain why it takes intelligent insight into the capabilities of your adversaries and vulnerabilities — as well as having the right response capabilities in place — to succeed in securing your enterprise.


As trends continue, so does risk

Regulatory pressures continue to rise around the world as well. For example, the European Commission is proposing big changes to the EU’s 1995 data protection directive. The idea is to boost privacy and help foster Europe’s digital economy. In the U.S., recent credit card breaches have brought calls to turn the Payment Card Industry Data Security Standard into government regulation, along with calls for a national data breach disclosure law. This pressure supersedes technology trends that are disrupting business – cloud computing, mobility, social media, as well as other dramatic changes underway. All of these trends are dramatically altering the business and how workers work – and that means risk rises.


Boards of directors are now asking how their organizations can best manage risk, and what actions their security teams should be taking to better mitigate the IT risks their enterprises face. This is good news for technologists and security teams, and for the ability of enterprises to secure themselves. Executive leadership of security efforts is crucial for success.


IT organizations can finally deliver insight

Business executives have wanted risk information and assurance for a long time, and the good news is that IT organizations can finally deliver that insight. Today, enterprises are combining Security Information and Event Management (SIEM) systems, data warehouses, and advanced information and analytics tools to obtain the threat and vulnerability insight they need to contain risks. Clearly, organizations can no longer rely blindly on defenses and security controls that don’t always work as expected.


We can’t continue down that unsustainable path. We really can’t.


Consumers are losing trust in the stores and online transactions they conduct. Businesses are concerned that their trade secrets are falling into the wrong hands. Enterprises are concerned that the unsecured systems of their third-party vendors are going to jeopardize their own security. Enterprises are also concerned that, sooner or later, they are going to be compromised.


Risks can’t be eliminated, but they can be properly managed

If history is any indication, the odds are high that even well-protected organizations, with the most mature security programs, will suffer a breach. Risks can’t be eliminated, but they can be properly managed. That’s why enterprises also need to invest more in detection and response capabilities. They need to make sure the victories of their adversaries are both minor and short-lived.


Read the report

Learn more about what enterprises can do to properly manage risk.
