CIO & LEADER-November 2017 (1)
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Insight<br />
T<br />
The onslaught of cyberattacks has taught<br />
Indian organizations one important thing: The<br />
Chief Information Security Officer (CISO) is<br />
indispensable to a business’s survival. Cybersecurity<br />
exploits and material data breaches<br />
are contributing to changing attitudes about IT<br />
security programs.<br />
In order to discover how CISOs work, what<br />
they are doing, and where they should reside<br />
within the organization is key to strengthening<br />
their capability - The Ponemon Institute and<br />
F5 Networks collaborated on a global research<br />
study—The Evolving Role of CISOs and Their<br />
Importance to the Business. The following findings<br />
present key takeaways from the IT security<br />
leaders in India.<br />
Security is becoming a<br />
business priority<br />
According to the report, 57% of respondents<br />
have experienced big developments that are<br />
driving change in their attitudes about their<br />
security programs. However, 49% respondents<br />
believe their organization<br />
“Organizations<br />
are finally<br />
realizing the<br />
need for a<br />
stronger security<br />
posture in<br />
organizations"<br />
considers security to be a<br />
business priority.<br />
CISOs believe in<br />
the importance of<br />
an executive-level<br />
security leader<br />
According to the CISO<br />
report, 56% of respondents<br />
believe that there is a<br />
need for an executive-level,<br />
enterprise-wide responsibility<br />
role. This, in their<br />
opinion, is the most important governance practice<br />
for organizations. A similar percentage of respondents<br />
feel that the creation of a cross-functional committee<br />
to oversee IT security strategies is must.<br />
Companies need stronger<br />
policies to protect themselves<br />
from insider threat<br />
A total of 31% of respondents have had employees<br />
and supervisors are held strictly accountable for IT<br />
security infractions and non-compliance.<br />
Assess the risks created by the<br />
Internet of Things (IoT)<br />
83% of respondents feel IoT will cause significant<br />
or some change to their practices and requirements.<br />
Most of these companies are setting new policies and<br />
standard operating procedures.<br />
Hold third parties to a higher<br />
standard of security<br />
Outsourcing security functions is still considered<br />
an important option. A total of 60% of respondents'<br />
organizations outsource an average of 36% of IT<br />
security requirements. However, respondents agree<br />
that outsourcing security functions is considered an<br />
important option, it does create risks.<br />
Invest in technologies to protect<br />
endpoints, applications, and data<br />
According to the findings, 23% of IT security posture<br />
will be less dependent on network security in the<br />
next two years, and more dependent on application<br />
security (31%) and endpoint security (30%).<br />
These important findings sum up one important<br />
thing: The appointment of a CISO that will bring the<br />
necessary change<br />
<strong>November</strong> <strong>2017</strong> | <strong>CIO</strong>&<strong>LEADER</strong><br />
19