Reinventing the CISO in a Changing IT Security Landscape

The cyber world is on alert following recent high-profile security breaches and hacking incidents. Weak IT systems used to automate business processes, together with the growth of online trading, have opened the floodgates for attackers.

Historically, the role of the chief information security officer (CISO) focused on all things IT. CISOs spent their time selecting, deploying and overseeing IT solutions. Some roles were even comparable to today’s IT security administrator jobs — guarding firewalls, negotiating with software vendors over antivirus solutions, scanning and clearing viruses from infected computer devices, and more. Many duties were completed to simply keep regulators at bay.

Multi-dimensional roles

Today, the CISO is a part of a much bigger picture — in security and in business. What can a successful information security officer bring to the corporate table?

Business Enabler

The new CISO is not just an IT steward, but also a business enabler. The role now requires a seat in the C-suite, sitting in boardrooms and taking part in IT decision-making on systems availability and business performance. The CISO must understand business processes at all levels in order to integrate the right machines and technology.

The Missing Link

In many organizations, IT and business still can’t see eye to eye. With IT security now a priority, the new role of the CISO links the executive hierarchy to the individual business units. This new role calls for a second link – the bottom link – where more proactive collaboration between IT analysts and business managers can happen in each department.

Risk Manager

As an advocate for security, the new CISO is tasked as a risk manager. The role now requires identifying vectors of vulnerability and weakness in the security system and providing immediate solutions to mitigate risks. The CISO and team enforce access logging to establish traceable audit trails, making accountability easier to determine. The CISO is likewise expected to explore opportunities to deliver enterprise IT systems and networks in a secure manner that is compliant with applicable regulations.

Influencer, Protector, Responder

These three new roles of the CISO were identified in a recent IBM survey. It revealed that organizations are looking at security with a holistic approach and are elevating the CISO to a more strategic position. Influencers are characterized as those who are confident and strategically prepared to influence business performance. Protectors are those with a strategic plan to prioritize security. And Responders are considered those who focus largely on protection and compliance.

Fundamental skills and competencies

Executives with a computer science or computer engineering background and experience in IT security at large enterprises are good candidates. Cybersecurity solutions product specialists and computer degree graduates with corporate IT experience can also fit into the role.

A deep technical background and experience is a must, but business acumen is another important consideration. CISOs must integrate IT into business to improve the performance of people, machines, processes, and the bottom line.

Managing IT Risk: The Special Case of Privileged Users

Acts of fraud in the workplace cost companies around $145,000, according to a report from the Association of Certified Fraud Examiners. From theft and security breaches to tarnished reputations, businesses have more than enough reason to take swift, strong action.

Internal perpetrators and leaks cause much of the damage yet go largely unchecked, while security budgets focus more on external threats. In fact, less than half of IT departments dedicate funds to combat internal threats, according to a recent Raytheon-commissioned survey.

Privileged Users: Your Best Assets and Highest Risks

Every company needs privileged users with greater access to the most valuable and sensitive IT resources and restricted company info. Privileged users include many of your best and most important employees, but their accounts need special security attention for several reasons:

  • High-level IT professionals need access to data and information too valuable to go unprotected.
  • These privileged users make attractive targets for outsiders to infiltrate.
  • These employees are often skilled and knowledgeable in the ways of hiding their fraudulent behavior.
  • Privileged users may have multiple user accounts on the network or multiple employees may have access to the same administrator accounts. IT departments need the power to accurately attribute user actions.

Why We All Must Worry About Internal Threats

Failing to protect against internal risks presents a major problem for any company. Malicious intent does not even need to be involved. Privileged users with high-level access have the power to topple networks and steal or destroy data, but even a perfectly loyal employee can become a security risk.

Without proper monitoring and security protocols, those with high security privileges can become the next target of an attack. External attackers have more to gain from users with broader access. Any employee may fall victim to a malicious attack, but a compromised privileged user exposes far more. Thus, organizations must grapple with how to tactfully and effectively prevent and address internal threats.

Handling the Security Risks of Privileged Users

IT leaders should devise a plan to combat privileged user threats, beginning with a common-sense view of behavior in the workplace. You need to know who has access, and you need to know who took action when something has gone wrong.
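The two questions above (who has access, and who actually acted) and the attribution problem with shared administrator accounts raised earlier can both be answered from ordinary system records. The following is an added example, not code from the article or from any vendor it mentions: it builds an access inventory from a constructed /etc/group-style file, parses constructed auth.log lines in sudo's default syslog format (which names the invoking user as well as the target account the command ran as), and reconciles the two. All users, hosts, addresses and commands are made up.

```python
import re
from collections import defaultdict

# Constructed /etc/group-style inventory; these users and groups are hypothetical.
GROUP_FILE = """\
root:x:0:
sudo:x:27:alice,bob
wheel:x:10:carol
dba:x:1001:bob,dave
"""

# Groups that confer administrative privilege on this (hypothetical) host.
PRIVILEGED_GROUPS = {"sudo", "wheel"}

# Constructed auth.log excerpt. sudo logs "<invoker> : ... USER=<target> ; COMMAND=<cmd>",
# so the named person behind a root or shared-account command is recoverable.
AUTH_LOG = """\
Jan 10 09:12:01 web1 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/systemctl restart nginx
Jan 10 09:15:44 web1 sudo:      bob : TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/usr/bin/rm -rf /var/backups
Jan 10 09:16:02 web1 sudo:      bob : TTY=pts/1 ; PWD=/home/bob ; USER=dbadmin ; COMMAND=/usr/bin/mysqldump --all-databases
Jan 10 09:20:13 web1 sshd[2201]: Accepted publickey for carol from 10.0.0.5 port 51234 ssh2
Jan 10 09:31:55 web1 sudo:     dave : TTY=pts/2 ; PWD=/home/dave ; USER=root ; COMMAND=/usr/sbin/useradd deploy
"""

SUDO_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sudo:\s+(?P<user>\S+) : "
    r".*?USER=(?P<target>\S+) ; COMMAND=(?P<cmd>.*)$"
)


def privileged_users(group_text, privileged_groups=PRIVILEGED_GROUPS):
    """Map each member of a privileged group to the set of such groups (the 'who has access' list)."""
    inventory = defaultdict(set)
    for line in group_text.splitlines():
        if not line.strip():
            continue
        name, _pw, _gid, members = line.split(":", 3)
        if name in privileged_groups:
            for member in filter(None, members.split(",")):
                inventory[member].add(name)
    return dict(inventory)


def sudo_events(log_text):
    """Parse sudo lines into dicts carrying the invoking user, target account and command."""
    events = []
    for line in log_text.splitlines():
        match = SUDO_RE.match(line)
        if match:
            events.append(match.groupdict())
    return events


def who_ran(log_text, command_fragment):
    """Named users whose privileged commands contain the fragment (the 'who took action' question)."""
    return sorted({e["user"] for e in sudo_events(log_text) if command_fragment in e["cmd"]})


def audit_trail(log_text, target):
    """Chronological (timestamp, named user, command) tuples for everything run as `target`,
    which attributes activity on a shared account such as dbadmin back to a person."""
    return [(e["ts"], e["user"], e["cmd"]) for e in sudo_events(log_text) if e["target"] == target]


def reconcile(group_text, log_text):
    """Cross-check inventory against activity. Returns two sorted lists:
    users who escalated without being in a privileged group (access granted some other
    way, so the inventory is incomplete), and inventoried users who never escalated in
    this window (candidates for an access review)."""
    inventory = set(privileged_users(group_text))
    actors = {e["user"] for e in sudo_events(log_text)}
    return sorted(actors - inventory), sorted(inventory - actors)


if __name__ == "__main__":
    print("Privileged inventory:", privileged_users(GROUP_FILE))
    print("Who deleted /var/backups:", who_ran(AUTH_LOG, "/var/backups"))
    print("Actions as dbadmin:", audit_trail(AUTH_LOG, "dbadmin"))
    unlisted, idle = reconcile(GROUP_FILE, AUTH_LOG)
    print("Escalated but not inventoried:", unlisted, "| Inventoried but idle:", idle)
```

Run against the constructed data, the script attributes the deletion under /var/backups to bob, shows that the shared dbadmin account was used by bob, and flags dave, who ran a root command without appearing in any privileged group, as a gap in the access inventory. In practice the same reconciliation is run against the real group file and log source, and a privileged user who never appears in the logs is a natural candidate for removing access.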

Monitoring can help prevent internal damage, but policies should be clearly defined. The cost of false alarms is what drives the need for precise security tools and auditing. No one enjoys a security scare that leads to a top employee being wrongly accused of theft. Companies need video evidence and reliable user data to avoid this problem.

The latest technologies for internal threat protection include privileged account management (PAM) tools. In conjunction with clear policies and monitoring systems that help analyze the context of user actions and the intent of possible attacks, the billion-dollar cost of internal fraud can be greatly reduced.