
5/25/2012
05:00 PM
Dark Reading

New Report Reveals Major Shift In CSO Role And New Trends For Risk-Based Security Practices

Wisegate report discusses how IT organizations can up their security game

AUSTIN, Texas--(EON: Enhanced Online News)--Austin-based start-up Wisegate, the anti-social, social network, released a new report that shows a major shift in the role of CSO with risk management as an added responsibility. In a recent Wisegate CSO member discussion, CSOs across industries confirmed their shifting role and offered a number of major takeaways for CSOs and other IT security professionals who are being asked to balance this increasing responsibility with the tensions that are often present between security and risk groups and goals. The study discusses how IT organizations can up their security game by doing a better job at measuring and using risk information to develop security practices. CSOs share their candid viewpoints on why it is important to let risk data set security priorities.

“What are the top two drivers for your information security/risk management program?”

Leaders of forward-thinking organizations understand the need for more pervasive risk awareness – and are far more focused on enterprise-wide education, collaboration, and communications. The new breed of CSOs is taking systemic approaches to security issues that span legal, business operations, finance, and human resources.

As noted in Wisegate’s most recent study, IT security leaders agree that CSOs are increasingly asked to provide input about, and even take responsibility for, risk management teams and programs in addition to information security. Wisegate members are some of the most experienced IT and infosecurity executives and managers in the world. Because of their positions and levels of responsibility, Wisegate members are often on the forefront of industry trends related to the use of information technology and the protection of enterprise data and intellectual property.

According to a poll conducted during the Wisegate CSO roundtable, close to 100% of participants said they have combined information security and risk management responsibilities.

As one Wisegate member, a CSO from a leading communications company, commented: “Today we no longer have two teams; today's information security professional also has to be a risk management professional. The program we built under security risk management has now become the framework we're using for enterprise risk management.”

As part of this shift in CSO responsibilities, organizations are spending more on risk management. A recent Wisegate poll asked members, “Can you please comment on whether you see spending on security/risk management initiatives trending in parallel to your overall IT spend, or is there more/less focus on funding security/risk management initiatives when compared to overall IT spend?”

While 60% of Wisegate members said they expected no change, a full 40% said they expected increased spending on security/risk management, with no members expecting a decline in spending on security/risk management.

In another poll, Wisegate members cited compliance requirements as the primary driver for increased risk management responsibilities. Members were asked: “What are the top two drivers for your information security/risk management program?” Responses were:

Compliance requirements: 73%
General threat landscape: 53%
Right thing to do (we prefer to initiate change rather than react to events): 33%
A recent security ‘close call’ without external reporting requirements: 26%
A recent security incident requiring external notification: 20%

“Wisegate’s CSO roundtable brought together IT security leaders from brand name companies who candidly discussed how the role of CSO is evolving and the impacts to their organizations,” said Sara Gates, Founder and CEO of Wisegate. “Wisegate’s members agreed that executive leaders are looking for CSOs who can be strategic thinkers as well as IT administrators. Future CSOs will need to understand business risk and its influence on everything from developing privacy policies to preparing disaster recovery plans.”

To request a copy of Wisegate’s report titled “CISOs Share Advice on Managing Both Information Security & Risk,” please visit: http://www.wisegateit.com/resources/downloads-risk-mgmt-report.

If you think you’d like to join Wisegate and meet the qualifications, go to http://www.wisegateit.com/request-invite/ and request an invitation to join.

About Wisegate

Wisegate (wisegateit.com) is a social knowledge network for senior professionals. By enforcing strict membership guidelines and barring vendor ads and sales hype, Wisegate is the first and only private professional online community to foster high-value collaboration, conversation and content-sharing by a network of one’s true peers. Wisegate’s first community is for senior Information Technology (IT) professionals, with others rolling out according to market demand. Wisegate Inc., a privately funded company with headquarters in Austin, Texas, was founded in 2010 by Sara Gates, a respected industry veteran of several start-ups and large enterprise IT companies.
