How is the role of a CISO evolving with time and pressure?
IT security primarily dealt with safeguarding one’s organization from external threats. As the threat landscape has now changed and organizations have become increasingly vulnerable with each passing day, the role of a CISO has also started evolving. Earlier, a CISO’s responsibility was to look into anti-virus software or firewalls that dealt with external threats. Now, they have to look into compliance, internal threats, risk, governance and many other factors that are not limited to patching software or just keeping the systems up to date. This is how I see the change in the CISO’s role. Nowadays, CISOs are also directly reporting to the board members of the company; such is the importance of security.
What is the major gap in the Enterprise Security Space?
Skills shortage has been one of the evident gaps in the enterprise security space. Even the role of a CISO is not excluded from it. Very few people understand threats and their consequences. Very few peers nowadays are hands-on. The knowledge is limited to the conventional methods of threat prevention like firewalls, anti-virus or data leak prevention. There is a lot more to it. The CISOs should get the threat intelligence, day in and day out. The skill shortage in terms of intelligence gathering is also there. They don’t want to get into the details of the issue or the threat. They also sometimes look to other peers for help, which is a good thing, but I would suggest they enhance their skills and look at improving their skills in visualizing the threat, governance and looking into granular details.
What are your expectations from a service provider?
The first one would be the trust between a service provider and a customer. If the trust is maintained between the service provider and the customer, they can see a much more beneficial project outcome. The second thing is transparency. During the project negotiation, when the customer complains about the high cost, the service provider should put transparency on the table and inform them about the net price and margins.
As a CISO, how do you gear up to best protect your organization from outsider as well as insider threats?
People do not have to be product-centric; they have to be technology-centric or even process-centric. It is not about how good or bad the product is; it depends on the infrastructure that is being run, the kind of data stored, the kind of customers and the kind of operations. Once that is clear, then the CISO can look into the kind of data visibility they have. If they have data visibility, they get clarity on the kind of mitigation they need to put in place. They need to be technology-centric and should look at cryptography, vulnerability mitigation, securing the perimeter, endpoint security, etc. The CISO should look at the technology and what kind of controls they need to put in place to mitigate the threats. Threat visualization is one of the core areas where a CISO needs visibility and needs to practice more.
Digital forensics, as a concept and demand, has been evolving quite rapidly over the last few years. How effective a tool can this be to nab cyber intruders?
Digital forensics is one of the booming areas right now, and forensics has been in place for the past 50 years. Earlier, only law enforcement agencies used to do forensics. Now there are other people who do crime investigations and digital forensics. There is a lack of awareness about digital forensics among both customers and service providers. If there is a data leakage incident in the company, and the person in charge is not aware of the best way to handle it, the law enforcement agency should be notified immediately and asked for a digital forensic expert. If we just format the system, we are deleting the investigative clues. If we ourselves deal with the data, the court of law might also not accept this data as evidence, as it might have been manipulated intentionally or unintentionally. Digital forensic experts will certainly play a major role, but there is a huge gap in awareness.