A CISO, a CIO and a CTO Discuss Cybersecurity Strategies

Using Security as a Business Enabler
(From Left): Sandip Chakraborty, CTO, Edelweiss General Insurance; Brijesh Dutta, CISO, Reliance Jio; and Sridhar Sidhu, senior VP, enterprise information security, Wells Fargo

The cross-functional groups across enterprises need to be held equally accountable for cybersecurity, viewing security as a business enabler.

That was the consensus of a CISO, CTO and a CIO who participated in a panel discussion at the Information Security Media Group’s recent Cybersecurity Summit in Mumbai.

“While enterprises do understand the proximity between the CTOs and CIOs, and each one is gung-ho about carrying out big things with high aspirations, it is always critical to set the rules of the game when it comes to securing the processes and the responsibility therein,” said Sandip Chakraborty, CTO at Edelweiss General Insurance Co. Ltd. “While the CISOs and CTOs do not cross lines, there are a lot of functions that CISOs and CTOs jointly do, and there is a lot of scope for enhancing the coordination to make the environment secure.”

CIOs and CTOs must work closely together to ensure system availability and security, said Brijesh Dutta, CISO at Reliance Jio.

A major challenge when working on projects where security is a business enabler is to determine how the security team can navigate and negotiate to gain buy-in from senior executives in all departments, said Sridhar Sidhu, senior vice president of enterprise information security at Wells Fargo.

Accountability

The panelists agreed that most enterprises have come a long way in dealing with security, pointing out that many now have an enterprise risk management framework. But too many organizations have failed to clearly define who has responsibility for cybersecurity.

“The problem is that CISOs are hired for the reason that they are made accountable for security or any breach incidents that may occur, which is a wrong model,” Dutta said. “In mature organizations, CTOs and CIOs also need to be made accountable for security breaches so that if one happens … the coordination happens on its own without any disagreements. The conflicts can be resolved if risks and vulnerabilities are communicated effectively. In my opinion, the accountability starts from the top.”

Chakraborty argued that CISOs need to be perceived as business enablers and consultants who are helping CTOs by providing meaningful logs that can be less vulnerable to threats.

CTOs are responsible for deploying new technologies and applications and new projects, and they need the CISO’s support to help avoid any business disruptions, he said.

Building Trust

Sidhu said there’s a growing appreciation that the security department cannot function without the help of the CTO and a CIO, so building trust is essential.

Many companies’ boards of directors have overlooked cybersecurity responsibilities, preferring to leave them to the “experts,” the panelists said. But that approach is no longer viable, they said, because the board needs to set the strategy for the organization.

In most mature organizations, the CISO now reports to the CIO to help ensure faster response to cyber incidents, the panelists said.

Meanwhile, Dutta said, more organizations are adopting a self-service model where automation is the name of the game. “Since automation is enhancing the capabilities around detection and visibility into networks and apps with the help of machine learning data science, security teams are working closely with both CIOs and CTOs in bridging the gaps,” Dutta said.

Although understanding risks is critical for both the CIO and CTO, the first steps toward securing the ecosystem should come from the CISO and his team, the panelists concluded.


About the Author

Geetha Nandikotkur

Vice President - Conferences, Asia, Middle East and Africa, ISMG

Nandikotkur is an award-winning journalist with over 20 years of experience in newspapers, audiovisual media, magazines and research. She has an understanding of technology and business journalism and has moderated several roundtables and conferences, in addition to leading mentoring programs for the IT community. Prior to joining ISMG, Nandikotkur worked for 9.9 Media as a group editor for CIO & Leader, IT Next and CSO Forum.



