CISOs at top firms relay security investment strategies

Security leaders from Global 1000 enterprises shared their insights in a report.

Security leaders from the world's largest global companies teamed up to share technology investment strategies with the community.

On Monday, RSA released a report (PDF) that compiled the insight of 18 CISOs and security execs at firms such as Coca-Cola, Walmart, Intel, eBay and JPMorgan Chase.

The 20-page report, called “Transforming Information Security: Focusing on Strategic Technologies,” offered three key recommendations to fellow security pros as they plan investments to secure their infrastructure. The 18-member Security for Business Innovation Council (SBIC) authored the findings.

In the report, contributors – which included Coca-Cola CISO Renee Guttmann, FedEx CISO Denise Wood, JPMorgan Chase Chief Information Risk Officer Anish Bhimani and EMC's Vice President and CSO Dave Martin – advised that companies look ahead at least three years when creating a game plan for security investments, and that professionals enhance their assets by integrating technologies in use.

To the latter point, security leaders said that cutting-edge technologies (such as big data analytics, security intelligence platforms and governance, risk and compliance (GRC) management tools) could help security teams better see the “bigger picture” when used collaboratively.

Lastly, the report recommended that organizations maximize the value of their current investments by formalizing their deployment efforts. In doing so, companies can better estimate operational costs and enhance management capabilities, including security tool maintenance and monitoring, the report said.

In a Tuesday interview with SCMagazine.com, Amit Yoran, senior vice president of RSA, addressed the council's recommendation for a three-year rolling plan at firms when determining needed technology capabilities.

“That's a real challenge for a number of CISOs that have gone up through the security ranks,” Yoran said, speaking of efforts to forecast organizational threats and needs. “They tend to get bogged down in the daily execution of tasks, since there's so much crises going on. There's always a new exploit or escalation [issue] or problem to contend with,” he said.

Yoran later added that, overall, the report's recommendations center on building a multifaceted security program.

“There is definitely a very strong, mutual dependence on the people, process and technology,” Yoran said of successful programs. He noted that technology can serve as a means of reinforcing these enterprise assets.

“You definitely have to have a security program that can execute along all those dimensions,” he said. “We ought to make sure that our companies utilize technologies that optimize the process and enable our people.”
