Enterprise Services

Board level security concerns need proactive risk management

Nadhan on ‎02-26-2013 10:08 AM

Corporate America says data security is now the main concern in the boardroom when it comes to legal considerations, says Antony Savvas in this ComputerworldUK article, titled US boardrooms wake up to data security. This position is based on a survey of 11,000 public company directors and 2000 general counsels who rank data security as their top corporate fear. "We would better get security right," says HP Security Strategist Mary Ann Mezzapelle in her keynote at the recently held Open Group Conference at Newport Beach, CA. Mezzapelle asserts that proactive risk management is the approach that most effectively combats the rising concerns across various dimensions of security. But how proactive can enterprises be?


Mezzapelle challenges us with a few questions that should trigger the appropriate remedial steps to address vulnerabilities:


  • Where are your business users creating “shadow IT,” and have you assessed the exposure?
  • Where is your data, who owns it and how important is it to the business?
  • How much do you understand the security tools, processes and procedures from your cloud service provider?
  • Have you been taking an end-to-end perspective on security across cloud, mobility and various architectural layers?

These questions can be difficult to answer if enterprises do not have the right levels of governance in place with effective monitoring mechanisms. The questions trigger enterprises to proactively take steps to streamline the business of IT in a controlled manner.


On the other hand, Art Gilliland, Senior Vice President and General Manager, HP Software Enterprise Security Products, would assert that the very frameworks enterprises strive to comply with (such as ISO and PCI) set a low bar for security that adversaries capitalize on. Criminal minds take the "proactive approach" to the next level. Gilliland explains this very well in his keynote preview at the RSA conference.


So, what are other steps that enterprises can take to be proactive in assessing, gauging and penetrating the mind of the hacker?

  • How about the inception of OODA techniques into the security hacker's mind?
  • Andy Ellis discusses managing risk with psychology instead of brute force in his keynote at the RSA Conference.
  • At the same conference, in another keynote, world-renowned game designer and inventor of SuperBetter, Jane McGonigal, suggests that applying the "collective intelligence" that gaming generates can combat security concerns.
  • Gilliland himself suggests techniques such as Benchmarking for enterprises to share their experience in managing risk.

One might wonder if we need to go to such extremes to address the security concerns. Well, whether enterprises do so or not, their adversaries do. The art is in being proactive enough to be a step ahead of the adversaries.


You think twice before going to executive leadership with the statement of a concern. You are expected to identify the issue, find the quickest path to resolution and keep the executive leadership informed of the actions taken.


Proactive risk management is vital to address board-level security concerns.


How about you? How proactive is your enterprise today? What are some of the other approaches enterprises can take to be more proactive? Please let me know.


Connect with Nadhan on: Twitter, Facebook, Linkedin and Journey Blog

