
Are CIOs posing the right questions to the CISOs?

Nadhan on ‎05-09-2013 06:52 AM

I’ve shared my thoughts on questions that CIOs ought to ask themselves – whether it be about their priorities, how they deal with information, engaging with the CMO or innovating the planet by 2020. But the dialog referenced in the HP Discover BB3219 session on Security 101: Five questions CIOs should ask of their CISOs raises a different vantage point in my mind. Like many other strategies, there isn’t a single security strategy that fits all enterprises. It behooves the CIO to ask the CISO key questions that address the security concerns pertinent to the given enterprise. A conversation driven by the CIO with the CISO is likely to surface the right concerns, so that they can strike the balance that best fits their enterprise.



This HP Discover 2013 session delves into this dialog, while describing a security maturity model to help enterprises assess their security capabilities. So what are the questions the CIO ought to pose to the CISO? Here is a starting list you can expand upon:


1. Are our frameworks secure enough to combat the criminal minds?

Enterprises tend to view the adoption of standardized security frameworks as an adequate measure to address concerns. However, these frameworks themselves only serve to give a false sense of security in a world where the criminal mind is steps ahead.


2. Are we taking the right steps to address board-level security concerns?

Data security concerns have escalated all the way to the board of directors, based upon this survey cited in a ComputerWorldUK article. Proactive risk management is vital to address today’s security concerns. Enterprises must be steps ahead of their adversaries in planning their next move in the game of security.


3. What are the conventional and non-conventional techniques adopted to identify the criminal mind-set in advance?

Unconventional techniques, such as application of gamification methods and psychological analysis, are augmenting the more conventional techniques today. Benchmarking ourselves in comparison with our peers is another effective approach.


4. How are we estimating the cost of cybercrime to our enterprise?

There are multiple contributing factors here that can be characterized across Loss of Revenue and the Cost of Execution. Knowing this cost is essential to making the business case for the security measures adopted within the enterprise.


5. Guess who is responsible for Cloud Security? Guess again!

The ultimate responsibility of ensuring the security of the solutions deployed in the Cloud rests with the Enterprise that owns the overall solution.


Interestingly enough, the answers to these questions could vary from one enterprise to another. Nevertheless, posing these questions and having a healthy dialog is a key step in ensuring that the right security measures are in place.

That’s my list. How about you? What other questions come to your mind? I also wonder about the points that will be made in the context of the security maturity model in this BB3219 session. Looking forward to engaging with you before the session.


Connect with Nadhan on: Twitter, Facebook, LinkedIn and Journey Blog.


