SlideShare a Scribd company logo

Finding a Strategic Voice - IBM CISO Study

IBMGovernmentCA
IBMGovernmentCA

Insights from the 2012 IBM Chief Information Security Officer Assessment and the role of the CISO

Technology
1 of 13
Download to read offline
Finding a Strategic Voice Insights from the 2012 IBM Chief Information Security Officer Assessment © 2012 IBM Corporation
IBM Security Services IBM CISO Scope One of the largest and most complex internal IT infrastructures in the world 2,000-plus major sites 400,000-plus employees 800,000-plus traditional endpoints 170-plus countries About 200,000-plus About 50 percent of employees contractors are mobile Major employee sites Customer fulfillment Manufacturing Employee Service Centers IBM Research Centers IBM Internal Data Centers + Strategic 3K Strategic Outsourcing Customers © 2012 IBM Corporation
IBM Security Services Our customers are just beginning to appoint CISOs CFO CIO or CTO CLO CRO CSO (aka Chief Information Security Officer) 81% of CISO functions are re- Risk & Compliance organizing or have been re-organized Policy & Education within the last 6 months. Architecture (tools) Changes include increased scope, Operations change in reporting line. Incident Response Source: Corporate Executive. Board, IREC Study, July 2012 © 2012 IBM Corporation
IBM Security Services IBM’s 2012 Chief Information Security Officer Study Explores the organizational and leadership aspects of information security Tests if the role of information security leaders has dramatically changing based on: – Increasing numbers of security challenges – More attention from business leaders Included senior IT decision-makers across a broad range of industries Respondents included a combination of Large Enterprise (73%) and Mid-Market (27%) 4 © 2012 IBM Corporation
IBM Security Services Security leaders agree: the security landscape is changing Nearly two-thirds say Two-thirds expect senior executives are to spend more on paying more attention security over the next to security issues. two years. External threats More than one-half say are rated as a bigger mobile security is their greatest near- challenge than internal threats, new term technology technology or compliance. concern. © 2012 IBM Corporation
IBM Security Services Business leaders are paying more attention to security issues 64% say attention from business leadership has increased over the past two years “Almost every day we hear about other companies receiving Awareness of threats cyber attacks.” via media outlets “We were the victims of a hacker attack and lost a lot of important information.” Increased external risks (prior experience) “[Due to] the risk of law suits, competitors gaining our info, and compliance fines.” Compliance/regulatory pressure “I think the main driver is [that] our corporate headquarters is focusing on this area and pushing the info to business leadership.” Priority of executive leadership “Internal information, for example, the exchange with colleagues and customers, lead to an increase in attentiveness.” Internal risks © 2012 IBM Corporation
IBM Security Services Security leaders see external threats as greatest challenge today The emergence of “de-perimiterizing” technologies Primary Security Challenges to Organization Technology Concerns Over Next 2 Years 10% External threats 35% 16% Internal threats 25% 55% New technologies and 20% technology trends 20% Regulations and standards 20% Mobility Database storage Cloud computing Other Base sizes: CISO Total = 138 69% of respondents ranked external threats as either their #1 or #2 challenge 55% rated mobility issues their primary technology concern over next two years 7 © 2012 IBM Corporation
IBM Security Services Security leaders are emerging as a key business decision-makers More strategic leadership roles are now expected in next two years “It is going to become more prominent, a Chief Security Officer Higher who will report to the CEO, not just IT related.” importance “…will have a much larger say in the matter…influence and his decision-making power within the company will grow.” Wider “More accountable to the business. Their audience is expanding.” responsibility “In general their role will be moving away from specific risks to global risks. The role will be much larger than it used to be.” “The leaders will create new tools to avoid risks.” Shifting priorities “…will work more in the policy field... There will be a continuous adjustment of policies in order to protect access to information and the access and transfer of data.” © 2012 IBM Corporation
IBM Security Services Three types of Security Leadership Models “Security leaders are becoming more closely integrated into the business… …and more independent of information technology.” Responders Protectors Influencers • Establishing a dedicated • Aligning security initiatives • Strengthening security leadership role to broader enterprise communication, education • Automating routine priorities and business leadership security processes • Learning from and • Using insights from metrics • Primary driver: Crisis collaborating with a and data analysis network of security peers • Primary Driver: Risk • Primary driver: Compliance © 2012 IBM Corporation
IBM Security Services Influencers vs. Responders 2x more likely to have a dedicated CISO 2.5x more likely to have a security or risk committee 3x more likely to have information security as a board topic 2x more likely to use standard security metrics to track progress more likely to be focused on improving enterprise wide 4x communication and collaboration over the next two years more likely to focus on providing education and awareness than 2x implementing new security technology over next two years © 2012 IBM Corporation
IBM Security Services The CISO action plan… Move beyond the tactical focus by… Responders •Establishing a dedicated security leadership role •Assembling a security and risk committee •Measuring progress Make security more of a strategic priority by… •Investing more budget on reducing future risks Protectors •Aligning security initiatives with enterprise priorities •Collaborating and learning with a network of peers Innovate and advance security approaches by… • Strengthening communication, education and business Influencers leadership skills to cultivate a more risk-aware culture • Using insights from metrics and data analysis to identify high-value improvement areas © 2012 IBM Corporation
IBM Security Systems Your questions? 12 © 2012 IBM Corporation
IBM Security Systems 13 © 2012 IBM Corporation IBM Confidential- v2.7 08/13/12

Recommended

PECB Webinar: Why every company needs a CISO?
PECB Webinar: Why every company needs a CISO?PECB Webinar: Why every company needs a CISO?
PECB Webinar: Why every company needs a CISO?PECB
 
CISO Case Study 2011 V2
CISO Case Study 2011 V2CISO Case Study 2011 V2
CISO Case Study 2011 V2candy_alexander
 
Don't Get Left In The Dust How To Evolve From Ciso To Ciro
Don't Get Left In The Dust How To Evolve From Ciso To CiroDon't Get Left In The Dust How To Evolve From Ciso To Ciro
Don't Get Left In The Dust How To Evolve From Ciso To CiroPriyanka Aash
 
CISO_Paper_Oct27_2015
CISO_Paper_Oct27_2015CISO_Paper_Oct27_2015
CISO_Paper_Oct27_2015Scott Smith
 
Managed Security For A Not So Secure World Wp090991
Managed Security For A Not So Secure World Wp090991Managed Security For A Not So Secure World Wp090991
Managed Security For A Not So Secure World Wp090991Erik Ginalick
 
CISO_Paper_Oct27_2015
CISO_Paper_Oct27_2015CISO_Paper_Oct27_2015
CISO_Paper_Oct27_2015John Budriss
 
A CIRO's-eye view of Digital Risk Management
A CIRO's-eye view of Digital Risk ManagementA CIRO's-eye view of Digital Risk Management
A CIRO's-eye view of Digital Risk ManagementDaren Dunkel
 
White paper cyber risk appetite defining and understanding risk in the moder...
White paper cyber risk appetite defining and understanding risk in the moder...White paper cyber risk appetite defining and understanding risk in the moder...
White paper cyber risk appetite defining and understanding risk in the moder...balejandre
 

Recommended

PECB Webinar: Why every company needs a CISO?
PECB Webinar: Why every company needs a CISO?PECB Webinar: Why every company needs a CISO?
PECB Webinar: Why every company needs a CISO?PECB
 
CISO Case Study 2011 V2
CISO Case Study 2011 V2CISO Case Study 2011 V2
CISO Case Study 2011 V2candy_alexander
 
Don't Get Left In The Dust How To Evolve From Ciso To Ciro
Don't Get Left In The Dust How To Evolve From Ciso To CiroDon't Get Left In The Dust How To Evolve From Ciso To Ciro
Don't Get Left In The Dust How To Evolve From Ciso To CiroPriyanka Aash
 
CISO_Paper_Oct27_2015
CISO_Paper_Oct27_2015CISO_Paper_Oct27_2015
CISO_Paper_Oct27_2015Scott Smith
 
Managed Security For A Not So Secure World Wp090991
Managed Security For A Not So Secure World Wp090991Managed Security For A Not So Secure World Wp090991
Managed Security For A Not So Secure World Wp090991Erik Ginalick
 
CISO_Paper_Oct27_2015
CISO_Paper_Oct27_2015CISO_Paper_Oct27_2015
CISO_Paper_Oct27_2015John Budriss
 
A CIRO's-eye view of Digital Risk Management
A CIRO's-eye view of Digital Risk ManagementA CIRO's-eye view of Digital Risk Management
A CIRO's-eye view of Digital Risk ManagementDaren Dunkel
 
White paper cyber risk appetite defining and understanding risk in the moder...
White paper cyber risk appetite defining and understanding risk in the moder...White paper cyber risk appetite defining and understanding risk in the moder...
White paper cyber risk appetite defining and understanding risk in the moder...balejandre
 
Using the IncMan Suite to Manage the Reporting of Cyber Security Risks and In...
Using the IncMan Suite to Manage the Reporting of Cyber Security Risks and In...Using the IncMan Suite to Manage the Reporting of Cyber Security Risks and In...
Using the IncMan Suite to Manage the Reporting of Cyber Security Risks and In...DFLABS SRL
 
To Be Great Enterprise Risk Managers, CISOs Need to Be Great Collaborators
To Be Great Enterprise Risk Managers, CISOs Need to Be Great CollaboratorsTo Be Great Enterprise Risk Managers, CISOs Need to Be Great Collaborators
To Be Great Enterprise Risk Managers, CISOs Need to Be Great CollaboratorsElizabeth Dimit
 
DFlabs corporate profile 01-2013
DFlabs corporate profile 01-2013DFlabs corporate profile 01-2013
DFlabs corporate profile 01-2013DFLABS SRL
 
From checkboxes to frameworks
From checkboxes to frameworksFrom checkboxes to frameworks
From checkboxes to frameworksAndréanne Clarke
 
RSA Security Brief : Taking Charge of Security in a Hyperconnected World
RSA Security Brief : Taking Charge of Security in a Hyperconnected WorldRSA Security Brief : Taking Charge of Security in a Hyperconnected World
RSA Security Brief : Taking Charge of Security in a Hyperconnected WorldEMC
 
Why does-your-company-need-a-third-party-risk-management-program
Why does-your-company-need-a-third-party-risk-management-programWhy does-your-company-need-a-third-party-risk-management-program
Why does-your-company-need-a-third-party-risk-management-programCharles Steve
 
Weakest links of an organization's Cybersecurity chain
Weakest links of an organization's Cybersecurity chainWeakest links of an organization's Cybersecurity chain
Weakest links of an organization's Cybersecurity chainSanjay Chadha, CPA, CA
 
Where Is Your Sensitive Data Wp
Where Is Your Sensitive Data WpWhere Is Your Sensitive Data Wp
Where Is Your Sensitive Data Wptbeckwith
 
The Business Of Identity, Access And Security V1.0
The Business Of Identity, Access And Security V1.0The Business Of Identity, Access And Security V1.0
The Business Of Identity, Access And Security V1.0theonassiokas
 
The CIO Viewpoint : How to Partner with the Top IT Executive
The CIO Viewpoint : How to Partner with the Top IT ExecutiveThe CIO Viewpoint : How to Partner with the Top IT Executive
The CIO Viewpoint : How to Partner with the Top IT ExecutiveAmazon Web Services
 
cybersecurity-in-the-c-suite-a-matt
cybersecurity-in-the-c-suite-a-mattcybersecurity-in-the-c-suite-a-matt
cybersecurity-in-the-c-suite-a-mattYigal Behar
 
Integrating-Cyber-Security-for-Increased-Effectiveness
Integrating-Cyber-Security-for-Increased-EffectivenessIntegrating-Cyber-Security-for-Increased-Effectiveness
Integrating-Cyber-Security-for-Increased-EffectivenessAyham Kochaji
 
Dwight Koop's Chicago ECFT talk "The Chicago School of Cybersecurity Thinking...
Dwight Koop's Chicago ECFT talk "The Chicago School of Cybersecurity Thinking...Dwight Koop's Chicago ECFT talk "The Chicago School of Cybersecurity Thinking...
Dwight Koop's Chicago ECFT talk "The Chicago School of Cybersecurity Thinking...Cohesive Networks
 
Information Security Architecture: Building Security Into Your Organziation
Information Security Architecture: Building Security Into Your OrganziationInformation Security Architecture: Building Security Into Your Organziation
Information Security Architecture: Building Security Into Your OrganziationSeccuris Inc.
 
How close is your organization to being breached | Safe Security
How close is your organization to being breached | Safe SecurityHow close is your organization to being breached | Safe Security
How close is your organization to being breached | Safe SecurityRahul Tyagi
 
Cyber Crime Conference 2017 - DFLabs Supervised Active Intelligence - Andrea ...
Cyber Crime Conference 2017 - DFLabs Supervised Active Intelligence - Andrea ...Cyber Crime Conference 2017 - DFLabs Supervised Active Intelligence - Andrea ...
Cyber Crime Conference 2017 - DFLabs Supervised Active Intelligence - Andrea ...DFLABS SRL
 
Cybersecurity the new metrics
Cybersecurity the new metricsCybersecurity the new metrics
Cybersecurity the new metricsAbhishek Sood
 
Emerging Trends in Information Privacy and Security
Emerging Trends in Information Privacy and SecurityEmerging Trends in Information Privacy and Security
Emerging Trends in Information Privacy and SecurityJessica Santamaria
 
Presentation to Irish ISSA Conference 12-May-11
Presentation to Irish ISSA Conference 12-May-11Presentation to Irish ISSA Conference 12-May-11
Presentation to Irish ISSA Conference 12-May-11Michael Ofarrell
 
CRI-Exec-Cyber-Briefings (1)
CRI-Exec-Cyber-Briefings (1)CRI-Exec-Cyber-Briefings (1)
CRI-Exec-Cyber-Briefings (1)OCTF Industry Engagement
 
ciso-platform-annual-summit-2013-ciso assessment exec summary _ibm
ciso-platform-annual-summit-2013-ciso assessment exec summary _ibmciso-platform-annual-summit-2013-ciso assessment exec summary _ibm
ciso-platform-annual-summit-2013-ciso assessment exec summary _ibmPriyanka Aash
 
2012 security services clientprex
2012 security services clientprex2012 security services clientprex
2012 security services clientprexKim Aarenstrup
 

More Related Content

What's hot

Using the IncMan Suite to Manage the Reporting of Cyber Security Risks and In...
Using the IncMan Suite to Manage the Reporting of Cyber Security Risks and In...Using the IncMan Suite to Manage the Reporting of Cyber Security Risks and In...
Using the IncMan Suite to Manage the Reporting of Cyber Security Risks and In...DFLABS SRL
 
To Be Great Enterprise Risk Managers, CISOs Need to Be Great Collaborators
To Be Great Enterprise Risk Managers, CISOs Need to Be Great CollaboratorsTo Be Great Enterprise Risk Managers, CISOs Need to Be Great Collaborators
To Be Great Enterprise Risk Managers, CISOs Need to Be Great CollaboratorsElizabeth Dimit
 
DFlabs corporate profile 01-2013
DFlabs corporate profile 01-2013DFlabs corporate profile 01-2013
DFlabs corporate profile 01-2013DFLABS SRL
 
From checkboxes to frameworks
From checkboxes to frameworksFrom checkboxes to frameworks
From checkboxes to frameworksAndréanne Clarke
 
RSA Security Brief : Taking Charge of Security in a Hyperconnected World
RSA Security Brief : Taking Charge of Security in a Hyperconnected WorldRSA Security Brief : Taking Charge of Security in a Hyperconnected World
RSA Security Brief : Taking Charge of Security in a Hyperconnected WorldEMC
 
Why does-your-company-need-a-third-party-risk-management-program
Why does-your-company-need-a-third-party-risk-management-programWhy does-your-company-need-a-third-party-risk-management-program
Why does-your-company-need-a-third-party-risk-management-programCharles Steve
 
Weakest links of an organization's Cybersecurity chain
Weakest links of an organization's Cybersecurity chainWeakest links of an organization's Cybersecurity chain
Weakest links of an organization's Cybersecurity chainSanjay Chadha, CPA, CA
 
Where Is Your Sensitive Data Wp
Where Is Your Sensitive Data WpWhere Is Your Sensitive Data Wp
Where Is Your Sensitive Data Wptbeckwith
 
The Business Of Identity, Access And Security V1.0
The Business Of Identity, Access And Security V1.0The Business Of Identity, Access And Security V1.0
The Business Of Identity, Access And Security V1.0theonassiokas
 
The CIO Viewpoint : How to Partner with the Top IT Executive
The CIO Viewpoint : How to Partner with the Top IT ExecutiveThe CIO Viewpoint : How to Partner with the Top IT Executive
The CIO Viewpoint : How to Partner with the Top IT ExecutiveAmazon Web Services
 
cybersecurity-in-the-c-suite-a-matt
cybersecurity-in-the-c-suite-a-mattcybersecurity-in-the-c-suite-a-matt
cybersecurity-in-the-c-suite-a-mattYigal Behar
 
Integrating-Cyber-Security-for-Increased-Effectiveness
Integrating-Cyber-Security-for-Increased-EffectivenessIntegrating-Cyber-Security-for-Increased-Effectiveness
Integrating-Cyber-Security-for-Increased-EffectivenessAyham Kochaji
 
Dwight Koop's Chicago ECFT talk "The Chicago School of Cybersecurity Thinking...
Dwight Koop's Chicago ECFT talk "The Chicago School of Cybersecurity Thinking...Dwight Koop's Chicago ECFT talk "The Chicago School of Cybersecurity Thinking...
Dwight Koop's Chicago ECFT talk "The Chicago School of Cybersecurity Thinking...Cohesive Networks
 
Information Security Architecture: Building Security Into Your Organziation
Information Security Architecture: Building Security Into Your OrganziationInformation Security Architecture: Building Security Into Your Organziation
Information Security Architecture: Building Security Into Your OrganziationSeccuris Inc.
 
How close is your organization to being breached | Safe Security
How close is your organization to being breached | Safe SecurityHow close is your organization to being breached | Safe Security
How close is your organization to being breached | Safe SecurityRahul Tyagi
 
Cyber Crime Conference 2017 - DFLabs Supervised Active Intelligence - Andrea ...
Cyber Crime Conference 2017 - DFLabs Supervised Active Intelligence - Andrea ...Cyber Crime Conference 2017 - DFLabs Supervised Active Intelligence - Andrea ...
Cyber Crime Conference 2017 - DFLabs Supervised Active Intelligence - Andrea ...DFLABS SRL
 
Cybersecurity the new metrics
Cybersecurity the new metricsCybersecurity the new metrics
Cybersecurity the new metricsAbhishek Sood
 
Emerging Trends in Information Privacy and Security
Emerging Trends in Information Privacy and SecurityEmerging Trends in Information Privacy and Security
Emerging Trends in Information Privacy and SecurityJessica Santamaria
 
Presentation to Irish ISSA Conference 12-May-11
Presentation to Irish ISSA Conference 12-May-11Presentation to Irish ISSA Conference 12-May-11
Presentation to Irish ISSA Conference 12-May-11Michael Ofarrell
 

What's hot (20)

Using the IncMan Suite to Manage the Reporting of Cyber Security Risks and In...
Using the IncMan Suite to Manage the Reporting of Cyber Security Risks and In...Using the IncMan Suite to Manage the Reporting of Cyber Security Risks and In...
Using the IncMan Suite to Manage the Reporting of Cyber Security Risks and In...
 
To Be Great Enterprise Risk Managers, CISOs Need to Be Great Collaborators
To Be Great Enterprise Risk Managers, CISOs Need to Be Great CollaboratorsTo Be Great Enterprise Risk Managers, CISOs Need to Be Great Collaborators
To Be Great Enterprise Risk Managers, CISOs Need to Be Great Collaborators
 
DFlabs corporate profile 01-2013
DFlabs corporate profile 01-2013DFlabs corporate profile 01-2013
DFlabs corporate profile 01-2013
 
From checkboxes to frameworks
From checkboxes to frameworksFrom checkboxes to frameworks
From checkboxes to frameworks
 
RSA Security Brief : Taking Charge of Security in a Hyperconnected World
RSA Security Brief : Taking Charge of Security in a Hyperconnected WorldRSA Security Brief : Taking Charge of Security in a Hyperconnected World
RSA Security Brief : Taking Charge of Security in a Hyperconnected World
 
Why does-your-company-need-a-third-party-risk-management-program
Why does-your-company-need-a-third-party-risk-management-programWhy does-your-company-need-a-third-party-risk-management-program
Why does-your-company-need-a-third-party-risk-management-program
 
Weakest links of an organization's Cybersecurity chain
Weakest links of an organization's Cybersecurity chainWeakest links of an organization's Cybersecurity chain
Weakest links of an organization's Cybersecurity chain
 
Where Is Your Sensitive Data Wp
Where Is Your Sensitive Data WpWhere Is Your Sensitive Data Wp
Where Is Your Sensitive Data Wp
 
The Business Of Identity, Access And Security V1.0
The Business Of Identity, Access And Security V1.0The Business Of Identity, Access And Security V1.0
The Business Of Identity, Access And Security V1.0
 
The CIO Viewpoint : How to Partner with the Top IT Executive
The CIO Viewpoint : How to Partner with the Top IT ExecutiveThe CIO Viewpoint : How to Partner with the Top IT Executive
The CIO Viewpoint : How to Partner with the Top IT Executive
 
cybersecurity-in-the-c-suite-a-matt
cybersecurity-in-the-c-suite-a-mattcybersecurity-in-the-c-suite-a-matt
cybersecurity-in-the-c-suite-a-matt
 
Integrating-Cyber-Security-for-Increased-Effectiveness
Integrating-Cyber-Security-for-Increased-EffectivenessIntegrating-Cyber-Security-for-Increased-Effectiveness
Integrating-Cyber-Security-for-Increased-Effectiveness
 
Dwight Koop's Chicago ECFT talk "The Chicago School of Cybersecurity Thinking...
Dwight Koop's Chicago ECFT talk "The Chicago School of Cybersecurity Thinking...Dwight Koop's Chicago ECFT talk "The Chicago School of Cybersecurity Thinking...
Dwight Koop's Chicago ECFT talk "The Chicago School of Cybersecurity Thinking...
 
Information Security Architecture: Building Security Into Your Organziation
Information Security Architecture: Building Security Into Your OrganziationInformation Security Architecture: Building Security Into Your Organziation
Information Security Architecture: Building Security Into Your Organziation
 
How close is your organization to being breached | Safe Security
How close is your organization to being breached | Safe SecurityHow close is your organization to being breached | Safe Security
How close is your organization to being breached | Safe Security
 
Cyber Crime Conference 2017 - DFLabs Supervised Active Intelligence - Andrea ...
Cyber Crime Conference 2017 - DFLabs Supervised Active Intelligence - Andrea ...Cyber Crime Conference 2017 - DFLabs Supervised Active Intelligence - Andrea ...
Cyber Crime Conference 2017 - DFLabs Supervised Active Intelligence - Andrea ...
 
Cybersecurity the new metrics
Cybersecurity the new metricsCybersecurity the new metrics
Cybersecurity the new metrics
 
Emerging Trends in Information Privacy and Security
Emerging Trends in Information Privacy and SecurityEmerging Trends in Information Privacy and Security
Emerging Trends in Information Privacy and Security
 
Presentation to Irish ISSA Conference 12-May-11
Presentation to Irish ISSA Conference 12-May-11Presentation to Irish ISSA Conference 12-May-11
Presentation to Irish ISSA Conference 12-May-11
 
CRI-Exec-Cyber-Briefings (1)
CRI-Exec-Cyber-Briefings (1)CRI-Exec-Cyber-Briefings (1)
CRI-Exec-Cyber-Briefings (1)
 

Similar to Finding a Strategic Voice - IBM CISO Study

ciso-platform-annual-summit-2013-ciso assessment exec summary _ibm
ciso-platform-annual-summit-2013-ciso assessment exec summary _ibmciso-platform-annual-summit-2013-ciso assessment exec summary _ibm
ciso-platform-annual-summit-2013-ciso assessment exec summary _ibmPriyanka Aash
 
2012 security services clientprex
2012 security services clientprex2012 security services clientprex
2012 security services clientprexKim Aarenstrup
 
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...International Federation of Accountants
 
Insights from the IBM Chief Information Security Officer Assessment
Insights from the IBM Chief Information Security Officer AssessmentInsights from the IBM Chief Information Security Officer Assessment
Insights from the IBM Chief Information Security Officer AssessmentIBM Security
 
Securing the C-Suite: Cybersecurity Perspectives from the Boardroom
Securing the C-Suite: Cybersecurity Perspectives from the BoardroomSecuring the C-Suite: Cybersecurity Perspectives from the Boardroom
Securing the C-Suite: Cybersecurity Perspectives from the BoardroomIBM Security
 
Segurinfo2014 Santiago Cavanna
Segurinfo2014 Santiago CavannaSegurinfo2014 Santiago Cavanna
Segurinfo2014 Santiago CavannaSantiago Cavanna
 
Responding to the Pandemic: Information Security and Technology Trends
Responding to the Pandemic: Information Security and Technology Trends Responding to the Pandemic: Information Security and Technology Trends
Responding to the Pandemic: Information Security and Technology Trends Enterprise Management Associates
 
How to Connect Your Server Room to the Board Room – Before a Data Breach Occurs
How to Connect Your Server Room to the Board Room – Before a Data Breach OccursHow to Connect Your Server Room to the Board Room – Before a Data Breach Occurs
How to Connect Your Server Room to the Board Room – Before a Data Breach OccursSurfWatch Labs
 
SBIC Enterprise Information Security Strategic Technologies
SBIC Enterprise Information Security Strategic TechnologiesSBIC Enterprise Information Security Strategic Technologies
SBIC Enterprise Information Security Strategic TechnologiesEMC
 
Security Priorities 2022 Sample Slides.pdf
Security Priorities 2022 Sample Slides.pdfSecurity Priorities 2022 Sample Slides.pdf
Security Priorities 2022 Sample Slides.pdfIDG
 
IBM - IAM Security and Trends
IBM - IAM Security and TrendsIBM - IAM Security and Trends
IBM - IAM Security and TrendsIBM Sverige
 
CS Sakerhetsdagen 2015 IBM Feb 19
CS Sakerhetsdagen 2015 IBM Feb 19CS Sakerhetsdagen 2015 IBM Feb 19
CS Sakerhetsdagen 2015 IBM Feb 19IBM Sverige
 
4-lessons-of-security-leaders-for-2022.pdf
4-lessons-of-security-leaders-for-2022.pdf4-lessons-of-security-leaders-for-2022.pdf
4-lessons-of-security-leaders-for-2022.pdfJose R
 
Final 2021 security_priorities_infographic (1)
Final 2021 security_priorities_infographic (1)Final 2021 security_priorities_infographic (1)
Final 2021 security_priorities_infographic (1)IDG
 

Similar to Finding a Strategic Voice - IBM CISO Study (20)

ciso-platform-annual-summit-2013-ciso assessment exec summary _ibm
ciso-platform-annual-summit-2013-ciso assessment exec summary _ibmciso-platform-annual-summit-2013-ciso assessment exec summary _ibm
ciso-platform-annual-summit-2013-ciso assessment exec summary _ibm
 
2012 security services clientprex
2012 security services clientprex2012 security services clientprex
2012 security services clientprex
 
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...
 
EMA Megatrends in Cyber-Security
EMA Megatrends in Cyber-SecurityEMA Megatrends in Cyber-Security
EMA Megatrends in Cyber-Security
 
Finding a strategic voice
Finding a strategic voiceFinding a strategic voice
Finding a strategic voice
 
Insights from the IBM Chief Information Security Officer Assessment
Insights from the IBM Chief Information Security Officer AssessmentInsights from the IBM Chief Information Security Officer Assessment
Insights from the IBM Chief Information Security Officer Assessment
 
Securing the C-Suite: Cybersecurity Perspectives from the Boardroom
Securing the C-Suite: Cybersecurity Perspectives from the BoardroomSecuring the C-Suite: Cybersecurity Perspectives from the Boardroom
Securing the C-Suite: Cybersecurity Perspectives from the Boardroom
 
Segurinfo2014 Santiago Cavanna
Segurinfo2014 Santiago CavannaSegurinfo2014 Santiago Cavanna
Segurinfo2014 Santiago Cavanna
 
Responding to the Pandemic: Information Security and Technology Trends
Responding to the Pandemic: Information Security and Technology Trends Responding to the Pandemic: Information Security and Technology Trends
Responding to the Pandemic: Information Security and Technology Trends
 
Reputational Risk
Reputational RiskReputational Risk
Reputational Risk
 
How to Connect Your Server Room to the Board Room – Before a Data Breach Occurs
How to Connect Your Server Room to the Board Room – Before a Data Breach OccursHow to Connect Your Server Room to the Board Room – Before a Data Breach Occurs
How to Connect Your Server Room to the Board Room – Before a Data Breach Occurs
 
SBIC Enterprise Information Security Strategic Technologies
SBIC Enterprise Information Security Strategic TechnologiesSBIC Enterprise Information Security Strategic Technologies
SBIC Enterprise Information Security Strategic Technologies
 
Security Priorities 2022 Sample Slides.pdf
Security Priorities 2022 Sample Slides.pdfSecurity Priorities 2022 Sample Slides.pdf
Security Priorities 2022 Sample Slides.pdf
 
Sw keynote
Sw keynoteSw keynote
Sw keynote
 
IBM - IAM Security and Trends
IBM - IAM Security and TrendsIBM - IAM Security and Trends
IBM - IAM Security and Trends
 
5 Questions Executives Should Be Asking Their Security Teams
5 Questions Executives Should Be Asking Their Security Teams 5 Questions Executives Should Be Asking Their Security Teams
5 Questions Executives Should Be Asking Their Security Teams
 
CS Sakerhetsdagen 2015 IBM Feb 19
CS Sakerhetsdagen 2015 IBM Feb 19CS Sakerhetsdagen 2015 IBM Feb 19
CS Sakerhetsdagen 2015 IBM Feb 19
 
4-lessons-of-security-leaders-for-2022.pdf
4-lessons-of-security-leaders-for-2022.pdf4-lessons-of-security-leaders-for-2022.pdf
4-lessons-of-security-leaders-for-2022.pdf
 
Final 2021 security_priorities_infographic (1)
Final 2021 security_priorities_infographic (1)Final 2021 security_priorities_infographic (1)
Final 2021 security_priorities_infographic (1)
 
Avoiding Data Breaches in 2016: What You Need to Know
Avoiding Data Breaches in 2016: What You Need to Know Avoiding Data Breaches in 2016: What You Need to Know
Avoiding Data Breaches in 2016: What You Need to Know
 

More from IBMGovernmentCA

Cge leadership summit ibm presentation public sector analytics
Cge leadership summit ibm presentation public sector analyticsCge leadership summit ibm presentation public sector analytics
Cge leadership summit ibm presentation public sector analyticsIBMGovernmentCA
 
Security Trends and Risk Mitigation for the Public Sector
Security Trends and Risk Mitigation for the Public SectorSecurity Trends and Risk Mitigation for the Public Sector
Security Trends and Risk Mitigation for the Public SectorIBMGovernmentCA
 
Investigating, Mitigating and Preventing Cyber Attacks with Security Analytics
Investigating, Mitigating and Preventing Cyber Attacks with Security AnalyticsInvestigating, Mitigating and Preventing Cyber Attacks with Security Analytics
Investigating, Mitigating and Preventing Cyber Attacks with Security AnalyticsIBMGovernmentCA
 
CEO Study Insights; Career Resiliency In Time of Change
CEO Study Insights; Career Resiliency In Time of ChangeCEO Study Insights; Career Resiliency In Time of Change
CEO Study Insights; Career Resiliency In Time of ChangeIBMGovernmentCA
 
Overview of IBM Capabilities
Overview of IBM CapabilitiesOverview of IBM Capabilities
Overview of IBM CapabilitiesIBMGovernmentCA
 
Business Process Management
Business Process ManagementBusiness Process Management
Business Process ManagementIBMGovernmentCA
 
Information Governance for Smarter Government Strategy and Solutions
Information Governance for Smarter Government Strategy and SolutionsInformation Governance for Smarter Government Strategy and Solutions
Information Governance for Smarter Government Strategy and SolutionsIBMGovernmentCA
 
Smarter Computing Integrated Systems
Smarter Computing Integrated SystemsSmarter Computing Integrated Systems
Smarter Computing Integrated SystemsIBMGovernmentCA
 
Smarter Software for Smarter Governments
Smarter Software for Smarter GovernmentsSmarter Software for Smarter Governments
Smarter Software for Smarter GovernmentsIBMGovernmentCA
 
Perspectives and Case Studies on Effective Theatre Base Service Management
Perspectives and Case Studies on Effective Theatre Base Service ManagementPerspectives and Case Studies on Effective Theatre Base Service Management
Perspectives and Case Studies on Effective Theatre Base Service ManagementIBMGovernmentCA
 
Reducing IT Costs and Improving Security with Purpose Built Network Appliances
Reducing IT Costs and Improving Security with Purpose Built Network AppliancesReducing IT Costs and Improving Security with Purpose Built Network Appliances
Reducing IT Costs and Improving Security with Purpose Built Network AppliancesIBMGovernmentCA
 
Improving Defence Program Execution
Improving Defence Program ExecutionImproving Defence Program Execution
Improving Defence Program ExecutionIBMGovernmentCA
 
A Hybrid Technology Platform for Increasing the Speed of Operational Analytics
A Hybrid Technology Platform for Increasing the Speed of Operational AnalyticsA Hybrid Technology Platform for Increasing the Speed of Operational Analytics
A Hybrid Technology Platform for Increasing the Speed of Operational AnalyticsIBMGovernmentCA
 
Social Networks the Next Emerging Spectrum in Asymmetric Warfare and Counter ...
Social Networks the Next Emerging Spectrum in Asymmetric Warfare and Counter ...Social Networks the Next Emerging Spectrum in Asymmetric Warfare and Counter ...
Social Networks the Next Emerging Spectrum in Asymmetric Warfare and Counter ...IBMGovernmentCA
 
Defense Intelligence & The Information Challenge
Defense Intelligence & The Information ChallengeDefense Intelligence & The Information Challenge
Defense Intelligence & The Information ChallengeIBMGovernmentCA
 
Analytics for Smarter Defence
Analytics for Smarter DefenceAnalytics for Smarter Defence
Analytics for Smarter DefenceIBMGovernmentCA
 
Keynote phaedra boinodiris serious games beyond training from process optim...
Keynote phaedra boinodiris serious games beyond training from process optim...Keynote phaedra boinodiris serious games beyond training from process optim...
Keynote phaedra boinodiris serious games beyond training from process optim...IBMGovernmentCA
 

More from IBMGovernmentCA (20)

Cge leadership summit ibm presentation public sector analytics
Cge leadership summit ibm presentation public sector analyticsCge leadership summit ibm presentation public sector analytics
Cge leadership summit ibm presentation public sector analytics
 
Security Trends and Risk Mitigation for the Public Sector
Security Trends and Risk Mitigation for the Public SectorSecurity Trends and Risk Mitigation for the Public Sector
Security Trends and Risk Mitigation for the Public Sector
 
Investigating, Mitigating and Preventing Cyber Attacks with Security Analytics
Investigating, Mitigating and Preventing Cyber Attacks with Security AnalyticsInvestigating, Mitigating and Preventing Cyber Attacks with Security Analytics
Investigating, Mitigating and Preventing Cyber Attacks with Security Analytics
 
Security Intelligence
Security IntelligenceSecurity Intelligence
Security Intelligence
 
CEO Study Insights; Career Resiliency In Time of Change
CEO Study Insights; Career Resiliency In Time of ChangeCEO Study Insights; Career Resiliency In Time of Change
CEO Study Insights; Career Resiliency In Time of Change
 
Overview of IBM Capabilities
Overview of IBM CapabilitiesOverview of IBM Capabilities
Overview of IBM Capabilities
 
Business Process Management
Business Process ManagementBusiness Process Management
Business Process Management
 
Information Governance for Smarter Government Strategy and Solutions
Information Governance for Smarter Government Strategy and SolutionsInformation Governance for Smarter Government Strategy and Solutions
Information Governance for Smarter Government Strategy and Solutions
 
Smarter Computing Integrated Systems
Smarter Computing Integrated SystemsSmarter Computing Integrated Systems
Smarter Computing Integrated Systems
 
Smarter Software for Smarter Governments
Smarter Software for Smarter GovernmentsSmarter Software for Smarter Governments
Smarter Software for Smarter Governments
 
Perspectives and Case Studies on Effective Theatre Base Service Management
Perspectives and Case Studies on Effective Theatre Base Service ManagementPerspectives and Case Studies on Effective Theatre Base Service Management
Perspectives and Case Studies on Effective Theatre Base Service Management
 
Reducing IT Costs and Improving Security with Purpose Built Network Appliances
Reducing IT Costs and Improving Security with Purpose Built Network AppliancesReducing IT Costs and Improving Security with Purpose Built Network Appliances
Reducing IT Costs and Improving Security with Purpose Built Network Appliances
 
Improving Defence Program Execution
Improving Defence Program ExecutionImproving Defence Program Execution
Improving Defence Program Execution
 
A Hybrid Technology Platform for Increasing the Speed of Operational Analytics
A Hybrid Technology Platform for Increasing the Speed of Operational AnalyticsA Hybrid Technology Platform for Increasing the Speed of Operational Analytics
A Hybrid Technology Platform for Increasing the Speed of Operational Analytics
 
Social Networks the Next Emerging Spectrum in Asymmetric Warfare and Counter ...
Social Networks the Next Emerging Spectrum in Asymmetric Warfare and Counter ...Social Networks the Next Emerging Spectrum in Asymmetric Warfare and Counter ...
Social Networks the Next Emerging Spectrum in Asymmetric Warfare and Counter ...
 
Defense Intelligence & The Information Challenge
Defense Intelligence & The Information ChallengeDefense Intelligence & The Information Challenge
Defense Intelligence & The Information Challenge
 
Analytics for Smarter Defence
Analytics for Smarter DefenceAnalytics for Smarter Defence
Analytics for Smarter Defence
 
Keynote phaedra boinodiris serious games beyond training from process optim...
Keynote phaedra boinodiris serious games beyond training from process optim...Keynote phaedra boinodiris serious games beyond training from process optim...
Keynote phaedra boinodiris serious games beyond training from process optim...
 
Where Ideas Come From
Where Ideas Come FromWhere Ideas Come From
Where Ideas Come From
 
What Are The Chances
What Are The ChancesWhat Are The Chances
What Are The Chances
 

Recently uploaded

What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPathCommunity
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesAssure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesThousandEyes
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersNicole Novielli
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesKari Kakkonen
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentPim van der Noll
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Farhan Tariq
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityIES VE
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Strongerpanagenda
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 

Recently uploaded (20)

What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to Hero
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesAssure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examples
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a reality
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 

Finding a Strategic Voice - IBM CISO Study

  • 1. Finding a Strategic Voice Insights from the 2012 IBM Chief Information Security Officer Assessment © 2012 IBM Corporation
  • 2. IBM Security Services IBM CISO Scope One of the largest and most complex internal IT infrastructures in the world 2,000-plus major sites 400,000-plus employees 800,000-plus traditional endpoints 170-plus countries About 200,000-plus About 50 percent of employees contractors are mobile Major employee sites Customer fulfillment Manufacturing Employee Service Centers IBM Research Centers IBM Internal Data Centers + Strategic 3K Strategic Outsourcing Customers © 2012 IBM Corporation
  • 3. IBM Security Services Our customers are just beginning to appoint CISOs CFO CIO or CTO CLO CRO CSO (aka Chief Information Security Officer) 81% of CISO functions are re- Risk & Compliance organizing or have been re-organized Policy & Education within the last 6 months. Architecture (tools) Changes include increased scope, Operations change in reporting line. Incident Response Source: Corporate Executive. Board, IREC Study, July 2012 © 2012 IBM Corporation
  • 4. IBM Security Services IBM’s 2012 Chief Information Security Officer Study Explores the organizational and leadership aspects of information security Tests if the role of information security leaders has dramatically changing based on: – Increasing numbers of security challenges – More attention from business leaders Included senior IT decision-makers across a broad range of industries Respondents included a combination of Large Enterprise (73%) and Mid-Market (27%) 4 © 2012 IBM Corporation
  • 5. IBM Security Services Security leaders agree: the security landscape is changing Nearly two-thirds say Two-thirds expect senior executives are to spend more on paying more attention security over the next to security issues. two years. External threats More than one-half say are rated as a bigger mobile security is their greatest near- challenge than internal threats, new term technology technology or compliance. concern. © 2012 IBM Corporation
  • 6. IBM Security Services Business leaders are paying more attention to security issues 64% say attention from business leadership has increased over the past two years “Almost every day we hear about other companies receiving Awareness of threats cyber attacks.” via media outlets “We were the victims of a hacker attack and lost a lot of important information.” Increased external risks (prior experience) “[Due to] the risk of law suits, competitors gaining our info, and compliance fines.” Compliance/regulatory pressure “I think the main driver is [that] our corporate headquarters is focusing on this area and pushing the info to business leadership.” Priority of executive leadership “Internal information, for example, the exchange with colleagues and customers, lead to an increase in attentiveness.” Internal risks © 2012 IBM Corporation
  • 7. IBM Security Services Security leaders see external threats as greatest challenge today The emergence of “de-perimiterizing” technologies Primary Security Challenges to Organization Technology Concerns Over Next 2 Years 10% External threats 35% 16% Internal threats 25% 55% New technologies and 20% technology trends 20% Regulations and standards 20% Mobility Database storage Cloud computing Other Base sizes: CISO Total = 138 69% of respondents ranked external threats as either their #1 or #2 challenge 55% rated mobility issues their primary technology concern over next two years 7 © 2012 IBM Corporation
  • 8. IBM Security Services Security leaders are emerging as a key business decision-makers More strategic leadership roles are now expected in next two years “It is going to become more prominent, a Chief Security Officer Higher who will report to the CEO, not just IT related.” importance “…will have a much larger say in the matter…influence and his decision-making power within the company will grow.” Wider “More accountable to the business. Their audience is expanding.” responsibility “In general their role will be moving away from specific risks to global risks. The role will be much larger than it used to be.” “The leaders will create new tools to avoid risks.” Shifting priorities “…will work more in the policy field... There will be a continuous adjustment of policies in order to protect access to information and the access and transfer of data.” © 2012 IBM Corporation
  • 9. IBM Security Services Three types of Security Leadership Models “Security leaders are becoming more closely integrated into the business… …and more independent of information technology.” Responders Protectors Influencers • Establishing a dedicated • Aligning security initiatives • Strengthening security leadership role to broader enterprise communication, education • Automating routine priorities and business leadership security processes • Learning from and • Using insights from metrics • Primary driver: Crisis collaborating with a and data analysis network of security peers • Primary Driver: Risk • Primary driver: Compliance © 2012 IBM Corporation
  • 10. IBM Security Services Influencers vs. Responders 2x more likely to have a dedicated CISO 2.5x more likely to have a security or risk committee 3x more likely to have information security as a board topic 2x more likely to use standard security metrics to track progress more likely to be focused on improving enterprise wide 4x communication and collaboration over the next two years more likely to focus on providing education and awareness than 2x implementing new security technology over next two years © 2012 IBM Corporation
  • 11. IBM Security Services The CISO action plan… Move beyond the tactical focus by… Responders •Establishing a dedicated security leadership role •Assembling a security and risk committee •Measuring progress Make security more of a strategic priority by… •Investing more budget on reducing future risks Protectors •Aligning security initiatives with enterprise priorities •Collaborating and learning with a network of peers Innovate and advance security approaches by… • Strengthening communication, education and business Influencers leadership skills to cultivate a more risk-aware culture • Using insights from metrics and data analysis to identify high-value improvement areas © 2012 IBM Corporation
  • 12. IBM Security Systems Your questions? 12 © 2012 IBM Corporation
  • 13. IBM Security Systems 13 © 2012 IBM Corporation IBM Confidential- v2.7 08/13/12