One of the many things that I've learned as a consultant is knowing who inside an organization to ask which question. With increasing regularity, the go-to person has become the chief information security officer, and the reason is very clear. CISOs are asked to understand business and technology risks while balancing critical organizational priorities. A good CISO needs to be just as effective in the boardroom as in the data center. This is the paradigm we have to adjust to in 2011 and beyond.
Our understanding of risk and risk management is evolving daily. Our business leaders are often used to dealing with risks – such as first-mover advantage versus early adopter risks. They understand opportunity cost and forward-looking investment models. Risk is part of the entrepreneurial bloodstream. CISOs are asked to deal with a different set of risks. They are often asked to balance risks related to new and innovative uses of intellectual property across an increasingly complicated global value chain, in an environment fraught with advanced persistent threats targeting that very same intellectual property.
The best CISOs flourish with these challenges, which excite them and motivate them to become more creative and more inventive in dealing with threats, regulations and new technologies.
Tonight we celebrate the information security industry as a whole. We recognize those practitioners, innovators and entrepreneurs looking to help manage our risks in an environment that is growing exponentially more complex each and every day. To those leaders nominated tonight, I congratulate you all for helping us tackle these challenges. To those winners, let me celebrate you for rising to the top. This was a complicated judging process since so many of the entries were innovative and effective. Thank you all!
– Greg Bell is global services leader, information protection and business resiliency, at KPMG.