Many Chief Security Officers supporting Financial Services today are delivering empirical data to their management as proof of Security & Privacy compliance; however you need more tangible evidence to sell customers and partners beyond registry ticks and checks.
Most Fortune 500 CIO’s I speak with are worried the company’s reputation and brand highly valued by the board; “its hard thing to earn and keep -- harder to repair”
This does not mean endless amounts of investments aimlessly poured into Security & Privacy; rather a measured balance view is critical when making buying decisions. Additionally, you must level-set across your partner ecosystem. Your company could be 100% compliant, but when client data passes from your enterprise to your partner’s and they haven’t applied the same rigors -- “egg” is on everyone face when information leakage is detected.
Managing the FUD “Fear Uncertainty and Doubt” is becoming a full time job for CSO’s and top of mind with CIO when mission critical transactions are at steak. Business and Technology must work together thinking through processes end-to-end understanding and anticipating the “Chess Board” a few moves down.
Good practice starts with a scorecard tracking basic items like, new incidences, vulnerabilities thwarted, escalated & tracked, closed, and level of granularity of attack. Industry analyst’s clearly state threats are moving away from the operating systems and network now targeting applications.
One emerging software vendor focused on this application protection space is Cenzic, who provides breakthrough enterprise software and services for automated application security assessment and policy compliance testing. This platform allows corporations and government organizations to dramatically improve the security of commercial and custom applications. “Hailstorm” enables security experts, QA professionals, and developers to work together to assess, analyze, and remediate applications for security vulnerabilities, and verify compliance with security policies. Using a Stateful Assessment™ approach, Hailstorm is able to provide highly accurate results with minimal false positives.
Post cards from the edge…