Express Computer
Home  »  Security  »  Security is foundational and is a key enabler for digitisation

Security is foundational and is a key enabler for digitisation

Ramchandra Hegde, Vice President, Global Information Security, and IT Compliance, Genpact explains how the CISO's role is multi-dimensional, the type risks they face and how security is a key enabler for digitisation

0 1,388

What are the challenges faced by CISOs on the InfoSec front?

While the specifics will vary by industry and company, the CISO role is multi-dimensional, having aspects spanning strategy, operations and execution, risk management and regulatory compliance. CISOs have to understand an organisation’s business objectives and imperatives, its risk appetite and threat and regulatory landscape, and accordingly build and run a program, which involves influencing and orchestrating a number of moving parts across the enterprise – all in an environment of rapidly evolving threats, technological changes and ever increasing digitisation. Additionally, having core internal security capabilities is a requirement for most organisations, and in the current situation with demand far outstripping supply, getting and keeping the right talent is a big challenge.

On one hand when the wave of digitisation is shaping the future of businesses, it’s also bringing along the challenge to robustly secure the very critical customer facing and the native IT infrastructure. How do you see this challenge?

Security is foundational and is a key enabler for digitisation and helping organisations build digital trust with their customers. First, core hygiene practices e.g. vulnerability management, identity and access management are critical and are baseline measures. Second, security controls specific to cloud hosting (configuration management and visibility), and digital asset security (dynamic and static testing) need be in place. Finally, newer concepts relevant to cloud and digitisation (containers, DevOps, IoT) need to be understood and appropriate security controls designed and integrated.

Please share some best practices to be followed to maintain a robust IT security posture.

There is no silver bullet. While the latest advanced technologies and tools get a lot of attention and are required in some cases, there is no shortcut to following the basic principles and getting core hygiene in place across the key pillars of security – people, process, technologies, and partnerships. Also, while there is a lot of focus on acquiring security technologies, deploying them optimally and utilising their capabilities well is essential to realising the benefits. Security is also a risk management function, and it’s imperative to have the lens of risk and weave that into security processes.

How important is awareness as a good number of breaches happen either due to the insiders not following the security hygiene practices?

Again, a foundational element of security is people. There is also a distinction between being aware and a true behaviour or culture change – e.g. one might be aware of good practices yet not follow it if it is too difficult or they have not fully internalised the risk. Thus organisations should look beyond just awareness as in broadcasting good practices. Good design of systems and security controls and usage of “nudges” (concepts from behavioural economics) are examples of how an organisation can be more effective in this area.

What is your view on IT budgets? Are CISOs getting enough?

With the increasing broader awareness of the threat environment, impact of breaches and destructive attacks, and penalties under laws and regulations, I would think most organisations would understand the criticality of information security and support it with appropriate funding. Getting funding is only one dimension though, if, for example the technologies procured are not adequately utilised, the desired outcomes will not be met. Also, integrating security into processes and creating a security culture are all other critical aspects which must be addressed to get security right, so aside from funding, management needs to ensure there is broader overall support and sponsorship for the program.

Do CISOs have a say in board meetings?  

Given its criticality to businesses, information security is definitely an area for Board oversight, and while the specifics of which Committee(s), topics covered, frequency, etc., will vary by organisation, the CISO has an important role in ensuring the Board is apprised of the company’s infosec posture and addressing questions they have.

 

 

Get real time updates directly on you device, subscribe now.

Leave A Reply

Your email address will not be published.

LIVE Webinar

Digitize your HR practice with extensions to success factors

Join us for a virtual meeting on how organizations can use these extensions to not just provide a better experience to its’ employees, but also to significantly improve the efficiency of the HR processes
REGISTER NOW 

Stay updated with News, Trending Stories & Conferences with Express Computer
Follow us on Linkedin
India's Leading e-Governance Summit is here!!! Attend and Know more.
Register Now!
close-image
Attend Webinar & Enhance Your Organisation's Digital Experience.
Register Now
close-image
Enable A Truly Seamless & Secure Workplace.
Register Now
close-image
Attend Inida's Largest BFSI Technology Conclave!
Register Now
close-image
Know how to protect your company in digital era.
Register Now
close-image
Protect Your Critical Assets From Well-Organized Hackers
Register Now
close-image
Find Solutions to Maintain Productivity
Register Now
close-image
Live Webinar : Improve customer experience with Voice Bots
Register Now
close-image
Live Event: Technology Day- Kerala, E- Governance Champions Awards
Register Now
close-image
Virtual Conference : Learn to Automate complex Business Processes
Register Now
close-image