The Changing Role of the CISO: Risks, Trends, and Disrupters

‎07-17-2014 09:09 AM - edited ‎09-30-2015 07:05 AM

We all know the headlines: One week, it’s a string of major retailers in the U.S. Another week, it’s a healthcare provider that has lost control of patient records. Then there’s the breach of a major technology company. Over recent years, it’s hard to think of an industry that hasn’t had a significant compromise in security. Hardly a week goes by without a data security episode. In this HP report based on extensive interviews with experienced CISOs, we explain why it takes intelligent insight into the capabilities of your adversaries and vulnerabilities — as well as having the right response capabilities in place — to succeed in securing your enterprise.


As trends continue, so does risk

Regulatory pressures continue to rise around the world as well. For example, the European Commission is proposing big changes to the EU’s 1995 data protection directive. The idea is to boost privacy and help foster Europe’s digital economy. In the U.S., recent credit card breaches have prompted calls to turn the Payment Card Industry Data Security Standard into government regulation, along with calls for a national data breach disclosure law. This pressure supersedes technology trends that are disrupting business – cloud computing, mobility, social media, as well as other dramatic changes underway. All of these trends are dramatically altering the business and how workers work – and that means risk rises.


Boards of Directors are now asking how their organizations can best manage risk, and what actions their security teams should be taking to better mitigate the IT risks their enterprises face. This is good news for technologists and security teams, and for the ability of enterprises to secure themselves. Executive leadership of security efforts is crucial for success.


IT organizations can finally deliver insight

Business executives have wanted risk information and assurance for a long time, and the good news is that IT organizations can finally deliver that insight. Today, enterprises are combining Security Information and Event Management (SIEM) systems, data warehouses, and advanced information and analytics tools to obtain the threat and vulnerability insight they need to contain risks. Clearly, organizations can no longer rely blindly on defenses and security controls that don’t always work as expected.


We can’t continue down that unsustainable path. We really can’t.


Consumers are losing trust in the stores and online transactions they conduct. Businesses are concerned that their trade secrets are falling into the wrong hands. Enterprises are concerned that the unsecured systems of their third-party vendors are going to jeopardize their own security. Enterprises are also concerned that, sooner or later, they are going to be compromised.


Risks can’t be eliminated, but they can be properly managed

If history is any indication, the odds are high that even well-protected organizations, with the most mature security programs, will suffer a breach. Risks can’t be eliminated, but they can be properly managed. That’s why enterprises also need to invest more in detection and response capabilities. They need to make sure the victories of their adversaries are both minor and short-lived.


Read the report

Learn more about what enterprises can do to properly manage risk.
