CISOs at top firms relay security investment strategies

Share this article:
CISOs at top firms relay security investment strategies
Security leaders from Global 1000 enterprises shared their insights in a report.

Security leaders from the world's largest global companies teamed up to share technology investment strategies with the community.

On Monday, RSA released a report (PDF) that compiled the insight of 18 CISOs and security execs at firms, such as Coca-Cola, Walmart, Intel, eBay and JPMorgan Chase.

The 20-page report called, “Transforming Information Security: Focusing on Strategic Technologies,” offered three key recommendations to fellow security pros as they plan investments to secure their infrastructure. The 18-member Security for Business Innovation Council (SBIC) authored the findings.

In the report, contributors – which included Coca-Cola CISO Renee Guttmann, FedEx CISO Denise Wood, JPMorgan Chase Chief Information Risk Officer Anish Bhimani and EMC's Vice President and CSO Dave Martin – advised that companies look ahead at least three years when creating a game plan for security investments, and that professionals enhance their assets by integrating technologies in use.

To the latter point, security leaders said that cutting-edge technologies (such as big data analytics, security intelligence platforms and governance, risk and compliance (GRC) management tools) could help security teams better see the “bigger picture,” when used collaboratively.

Lastly, the report recommended that organizations maximize the value of their current investments by formalizing their deployment efforts. In doing so, companies can better estimate operational costs and enhance management capabilities, including security tool maintenance and monitoring, the report said.

In a Tuesday interview with, Amit Yoran, senior vice president of RSA, addressed the council's recommendation for a three-year rolling plan at firms when determining needed technology capabilities. 

“That's a real challenge for a number of CISOs that have gone up through the security ranks,” Yoran said, speaking of efforts to forecast organizational threats and needs. “They tend to get bogged down in the daily execution of tasks, since there's so much crises going on. There's always a new exploit or escalation [issue] or problem to contend with,” he said.

Yoran later added that, overall, the report's recommendations center on building a multifaceted security program.

“There is definitely a very strong, mutual dependence on the people, process and technology,” Yoran said of successful programs. He noted that technology can serve as a means of reinforcing these enterprise assets.

“You definitely have to have a security program that can execute along all those dimensions," he said. "We ought to make sure that our companies utilize technologies that optimize the process and enable our people.”

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters


More in News

Email promises free pizza, ensnares victims in Asprox botnet instead

Email promises free pizza, ensnares victims in Asprox ...

Cloudmark came upon an email that offers free pizza, but clicking on the link to get the coupon ends with victims being ensnared in a botnet.

Report: most orgs lacking in response team, policies to address cyber incidents

In its Q3 threat intelligence report, Solutionary learned that 75 percent of organizations it assisted had no response team or policies and procedures to address cyber incidents.

Flash redirect campaign impacts Carnegie Mellon page, leads to Angler EK

Flash redirect campaign impacts Carnegie Mellon page, leads ...

Malwarebytes found that, since early July, thousands of sites had been targeted in the campaign.