Vulnerability Management from the Perspective of the Chief Information Officer
The nature of advanced persistent threats, stealth attacks and the catastrophic financial impact of security breaches keeps security at the forefront of the CIO's agenda. In fact, SearchCIO.com's recent 2012 Role of the CIO survey ranked Security and Privacy among the top 6 skills CIOs need to succeed. That said, we understand that the CIO role is getting much broader: the list of new technical initiatives to tackle, such as big data, cloud and mobility, keeps growing, alongside the continuing need to drive business alignment and operational efficiency. In spite of the urgency of IT and cyber threats, the key challenges in aligning security with IT remain:
- Security planning and budgeting is based on the past year's budget instead of perceived risk, and is still handled separately from the rest of IT
- Cloud and mobility have brought security to the forefront, but many initiatives are fragmented, each focused on a single vector or threat type
- Security platforms such as SIEM and GRC fall short: too much data, too much complexity and long implementation cycles
- Security metrics miss business context and lack alignment with enterprise risk and corporate performance metrics
- Compliance efforts may be perceived as checkbox processes, but the risk, security and audit functions need alignment and shared visibility to ensure that compliance efforts actually preempt attacks
- Leadership and coaching are needed to address the dearth of advanced skills in IT and security. This is an opportunity to make security assessment skills part of each IT role, so that security becomes part of everyone's job.