Information Technology Management with a Purpose

Dec 11 2012   7:09AM GMT

Have CISOs come of age?



Posted by: S R Balasubramanian
Tags:
Chief Information Security Officer (CISO)
information security
role of the CISO

I recently attended a seminar organized by a media house titled, ‘The CISO Summit’, and this was the fifth edition of the seminar series. The reason why this seminar stands out is that it was exclusively for CISOs and devoted only to the subject of security. The organizers had also instituted awards honoring CISOs who had done outstanding work in various areas. I was one of the jury members to decide on the awards and also got drawn as a panelist for one of the sessions.

The seminar was well-attended and had people drawn from different cities. The event was well-organized. The two days of discussions proved very useful and there were quite a few takeaways for the participants. It was refreshing to see the subject of ‘security’ being given full coverage befitting its importance in today’s world of computing and connectivity. A few aspects of the seminar were, I thought, eye-openers, and they deserve a mention here.

The attendance

There was good participation comprising mainly information security heads from various organizations. This was the fifth event in the series and I remember attending the first one five years ago. Most of the participants then were CIOs and therefore the change in the composition of the people over the years clearly indicates that Chief Information Security Officers (CISOs) have assumed a certain level of importance in their organizations and that information security as a function is receiving the desired attention.

The survey findings

The organizers presented the findings of a survey they had conducted on various aspects of security in organizations across industry segments and companies of various sizes. An important aspect of the survey was that the responses were taken not only from CISOs but also from business heads and CEOs, which gave a wider view of the subject. When compared with previous years, the results showed improvement in CISOs’ levels, in their interaction with the Board and C levels, in the strategic alignment with business, in the scope, and in the number of people directly reporting to the CEO or COO. Responses from CEOs and CXOs also indicated an improvement in their perception and their willingness to directly participate in defining good security standards.

Comprehensive coverage

The seminar covered a wide variety of topics and it was heartening to see that the subject had enough breadth to fill two days’ content. The sessions carried presentations and discussions on new-age threats, third-party risk management, private-public partnership in cyber security, data privacy in enterprises, Governance, Risk and Compliance, and the cyber laws in India, among others. Speakers and panelists were drawn from companies (CISOs), experts, vendor representatives, heads of industry bodies like CERT and a lawyer specializing in cyber laws. We also heard of government initiatives in dealing with cyber crimes and about increasing public-private partnership on various projects. The discussions were rich and may have enhanced the knowledge levels of the participants. In short, the subject of information security was very comprehensively dealt with, laying emphasis on the fact that this discipline has matured in India and deserves pride of place not only in organizations but on the national scene as well.

Emphasis on strategic fit

Deliberations in the seminars and a reading of the projects submitted for the awards were a clear pointer to the fact that information security is today considered an integral part of Corporate Governance. I found that the security measures in many of the organizations were taken up as projects which had the blessings of the management. They were in line with the organizations’ overall plans and therefore strategically aligned.

While the event had good participation, it covered only a sample of organizations in India, yet the lessons drawn are significant. Information security is being considered important in this age of all-pervasive connectivity and the consequent threats posed by many a hacker, other rogue elements on the net and bad elements within. Rather than being considered a mere IT measure, it is now part of risk management and governance, and CISOs are measuring up to the task.
