CISOs at top firms relay security investment strategies

Security leaders from Global 1000 enterprises shared their insights in a report.

Security leaders from the world's largest global companies teamed up to share technology investment strategies with the community.

On Monday, RSA released a report (PDF) that compiled the insight of 18 CISOs and security execs at firms such as Coca-Cola, Walmart, Intel, eBay and JPMorgan Chase.

The 20-page report, called “Transforming Information Security: Focusing on Strategic Technologies,” offered three key recommendations to fellow security pros as they plan investments to secure their infrastructure. The 18-member Security for Business Innovation Council (SBIC) authored the findings.

In the report, contributors – which included Coca-Cola CISO Renee Guttmann, FedEx CISO Denise Wood, JPMorgan Chase Chief Information Risk Officer Anish Bhimani and EMC's Vice President and CSO Dave Martin – advised that companies look ahead at least three years when creating a game plan for security investments, and that professionals enhance their assets by integrating technologies in use.

To the latter point, security leaders said that cutting-edge technologies (such as big data analytics, security intelligence platforms and governance, risk and compliance (GRC) management tools) could help security teams better see the “bigger picture,” when used collaboratively.

Lastly, the report recommended that organizations maximize the value of their current investments by formalizing their deployment efforts. In doing so, companies can better estimate operational costs and enhance management capabilities, including security tool maintenance and monitoring, the report said.

In a Tuesday interview, Amit Yoran, senior vice president of RSA, addressed the council's recommendation for a three-year rolling plan at firms when determining needed technology capabilities.

“That's a real challenge for a number of CISOs that have gone up through the security ranks,” Yoran said, speaking of efforts to forecast organizational threats and needs. “They tend to get bogged down in the daily execution of tasks, since there's so much crises going on. There's always a new exploit or escalation [issue] or problem to contend with,” he said.

Yoran later added that, overall, the report's recommendations center on building a multifaceted security program.

“There is definitely a very strong, mutual dependence on the people, process and technology,” Yoran said of successful programs. He noted that technology can serve as a means of reinforcing these enterprise assets.

“You definitely have to have a security program that can execute along all those dimensions,” he said. “We ought to make sure that our companies utilize technologies that optimize the process and enable our people.”
