Cyber crime is pervasive and here to stay. Whether you work in the public sector or the private sector, are the CEO of a Fortune 500 company, or are trying to sustain an SMB, everyone is under attack. This February, President Obama issued an executive order aimed at protecting critical business and government infrastructure, in response to the scale and sophistication of IT security threats, which have grown at an explosive rate. Organizations and government agencies have to contend with industrialized attacks, which, in some cases, rival the size and sophistication of the largest legitimate computing efforts. In addition, they have to guard against a more focused adversary with the resources and capabilities to target highly sensitive information, often through long-term attack campaigns. Many security executives are struggling to answer questions about the most effective approach.
http://www.dhs.gov/critical-infrastructure-sectors
Homeland Security Presidential Directive (HSPD) 7 established a national policy for Federal departments and agencies to identify and prioritize U.S. critical infrastructure and key resources, and to protect them from terrorist attacks. Presidential Policy Directive 21 (PPD-21): Critical Infrastructure Security and Resilience advances a national policy to strengthen and maintain secure, functioning, and resilient critical infrastructure. This directive supersedes Homeland Security Presidential Directive 7. PPD-21 identifies 16 critical infrastructure sectors.
Chemical; Commercial Facilities; Communications; Critical Manufacturing; Dams; Defense Industrial Base; Emergency Services; Energy; Financial Services; Food and Agriculture; Government Facilities; Healthcare and Public Health; Information Technology; Nuclear Reactors, Materials, and Waste; Transportation Systems; and Water & Wastewater Systems.
Let’s take a look at the “CISO Landscape”
The role of the CISO is changing. It’s not just a technologist role. The CISO is just as likely to have an MBA as a degree in computer science. Building a team, forecasting, budgeting, understanding the regulatory environment, and managing to metrics all become factors. And the CISO has to be able to go in front of the board and explain the importance of security strategy and how it is aligned to the business strategy of the organization.
But… there are challenges…