CISOs at top firms relay security investment strategies

Share this article:
CISOs at top firms relay security investment strategies
Security leaders from Global 1000 enterprises shared their insights in a report.

Security leaders from the world's largest global companies teamed up to share technology investment strategies with the community.

On Monday, RSA released a report (PDF) that compiled the insight of 18 CISOs and security execs at firms, such as Coca-Cola, Walmart, Intel, eBay and JPMorgan Chase.

The 20-page report called, “Transforming Information Security: Focusing on Strategic Technologies,” offered three key recommendations to fellow security pros as they plan investments to secure their infrastructure. The 18-member Security for Business Innovation Council (SBIC) authored the findings.

In the report, contributors – which included Coca-Cola CISO Renee Guttmann, FedEx CISO Denise Wood, JPMorgan Chase Chief Information Risk Officer Anish Bhimani and EMC's Vice President and CSO Dave Martin – advised that companies look ahead at least three years when creating a game plan for security investments, and that professionals enhance their assets by integrating technologies in use.

To the latter point, security leaders said that cutting-edge technologies (such as big data analytics, security intelligence platforms and governance, risk and compliance (GRC) management tools) could help security teams better see the “bigger picture,” when used collaboratively.

Lastly, the report recommended that organizations maximize the value of their current investments by formalizing their deployment efforts. In doing so, companies can better estimate operational costs and enhance management capabilities, including security tool maintenance and monitoring, the report said.

In a Tuesday interview with, Amit Yoran, senior vice president of RSA, addressed the council's recommendation for a three-year rolling plan at firms when determining needed technology capabilities. 

“That's a real challenge for a number of CISOs that have gone up through the security ranks,” Yoran said, speaking of efforts to forecast organizational threats and needs. “They tend to get bogged down in the daily execution of tasks, since there's so much crises going on. There's always a new exploit or escalation [issue] or problem to contend with,” he said.

Yoran later added that, overall, the report's recommendations center on building a multifaceted security program.

“There is definitely a very strong, mutual dependence on the people, process and technology,” Yoran said of successful programs. He noted that technology can serve as a means of reinforcing these enterprise assets.

“You definitely have to have a security program that can execute along all those dimensions," he said. "We ought to make sure that our companies utilize technologies that optimize the process and enable our people.”

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters


More in News

Florida Supreme Court rules warrants a must for real-time cell location tracking

Florida Supreme Court rules warrants a must for ...

The Florida Supreme Court put the kibosh on warrantless real-time tracking using location data obtained from cell phone providers.

Modular malware for OS X includes backdoor, keylogger components

Modular malware for OS X includes backdoor, keylogger ...

The modular malware was named "Ventir," by researchers at Kaspersky.

Fake Dropbox login page nabs credentials, is hosted on Dropbox

Fake Dropbox login page nabs credentials, is hosted ...

Symantec researchers received a phishing email linking recipients to a fake Dropbox login page that is hosted on Dropbox's user content domain and served over SSL.