Security Strategy Needs Strong CEO

Wednesday, April 18, 2012 @ 07:04 PM gHale


Editor’s Note: This is an excerpted column taken from the Practical SCADA Security blog at Tofino Security.

By Ernie Hayden
In reading about critical infrastructure protection and cyber security issues every day, I’m beginning to see a theme in our industry that is of special interest to me – cyber threats.

When I attended the RSA Conference at the end of February, the first day of the conference included an announcement from Carnegie Mellon and RSA about the results of a survey conducted by Carnegie Mellon’s CyLab regarding governance of enterprise security. Using the Forbes Global 2000 list, the CyLab survey revealed most corporate executives and external boards of directors are still not involved in governing their company’s cyber security strategy.


Sadly, the CyLab survey is on the mark and we need more leadership from corporate boardrooms and executive suites to help chief information security officers be successful in this very dynamic world of cyber threats.

That theme is underscored by a recent item in Insurance Daily under the headline: “Directors must wake up to cyber threats.”

Not only should corporate boards grasp how exposed their companies are to the digital threat environment, but they should also gain some understanding of the cyber threats they face and make sure adequate procedures are in place to mitigate the consequences of a serious data breach.

So, what does this mean? Leadership from the top is vital in setting cyber security policies and defenses. It is important for all employees and corporate contractors to be diligent about protecting the corporate assets – including data and information.

At Verizon we have found this sensitivity cannot be easily “pushed up” from the CISO but really needs to have the tone set by the CEO and board.

I don’t think anyone ever said cyber security would be easy. However, in today’s environment, attacks and threats from cyber criminals, nation-states and the disgruntled employee should be top of mind with corporate boards and the executive suite, to make sure every employee remains at the front line of defense.

Verizon just released the 2012 Verizon Data Breach Investigations Report (DBIR), the company’s landmark report series that examines the state of cyber crime and data breaches around the world. Be sure to send copies to your board members, your chief executive and executive team so they can gain a perspective of the global security trends and how to better protect your enterprise.

Ernie Hayden, CISSP, CEH, is the managing principal – energy security at Verizon Global Energy & Utilities Practice. His email is ernie.hayden@verizon.com.