CIO&Leader_July 2017 (1)
NEXTCSO Event Coverage<br />
The worst thing about a security breach is neither reputation risk nor the data theft that compromises the privacy of an individual. What is worse is the inability to learn from breaches - to turn the reactive approach into a strategic one.<br />
In the last one year, an average of 36.6M records has been stolen in India - a 14% increase from 2015. WannaCry and Petya are recent ransomware attacks that have, yet again, raised questions about enterprises' security preparedness.<br />
Unfortunately, cyber security professionals haven't been able to keep up. Apex body NASSCOM claims that India has a cyber security workforce of 50,000; however, it predicts that we will need at least one million skilled people by 2020.<br />
According to ISACA’s State of Cyber Security 2017, 37% of respondents say fewer than 1 in 4 candidates have the qualifications employers need to keep companies secure. The survey also reveals that almost 27% of respondents state that they are unable to fill open cyber security positions in their enterprises, with another 14% of respondents unaware as to whether their enterprises could fill these positions or not. This leaves a quarter of cyber security positions unfilled, the survey reports.<br />
In the wake of mounting security incidents (over 27,482 reported in 2017), the government is taking some concrete steps to appraise the role of the Chief Information Security Officer (CISO). The Indian Computer Emergency Response Team (CERT-In) mandates all ministries, departments and organisations to appoint a CISO and has strengthened the role to implement the right security controls while promoting a culture of defense. Banks and insurance companies have also been mandated by regulatory bodies such as RBI and IRDAI to appoint a full-time CISO by April 30 and to formulate an effective cyber crisis management plan by June 30 of this year.<br />
The basic expectations from the CISO will remain the same: information security (IS), information risk management (IRM), data protection, and oversight of audits, governance and compliance, as well as technical, operational, legal and regulatory risks.<br />
But the basics won’t be enough.<br />
With the business and threat landscape changing rapidly, CISOs will have to upgrade their skills and ensure that any cyber security strategy contributes to financial stability and growth, and embeds security in all of the organization’s plans. This means that organizations need to appoint someone on their board who is not only dedicated to cyber security but also understands regulatory requirements and overall business strategy.<br />
Perhaps that’s what will make a next-generation CISO?<br />
The aim of NextCSO Awards 2017 is just that: To find exceptional individuals who have the ability to take on the top job. They are selected through a rigorous and comprehensive process that will evaluate professional achievements, management and leadership skills that are essential to the making of a next-gen CISO.<br />
Here’s a glimpse into the NEXTCSO Conference that celebrated the triumph and victory of 24 next-gen CISOs and the 20 NEXTCSO jury members who handpicked them.<br />
July 2017 | CIO&LEADER