Many of the Chief Information Security Officers (CISOs) and security executives that I talk to tell me that they are always craving information. It always seems as though, while some parts of their job responsibilities are under control, they think that other areas need more of their attention or could be more efficiently managed. Since they typically have limited time, limited information and limited resources, they look for sources of information that are tailored for their specific needs, making the information easy to consume and highly valuable. One such source of information for security executives is… other security executives. Most, if not all, of the CISOs that I talk to rely on other security executives in the industry to provide insights into topics they are interested in. When they can get valuable information and advice on an important topic from someone doing a similar job in another organization, they typically are willing to listen and engage.
Since I have the opportunity to discuss security topics with many security executives around the world, I thought it would be helpful to share some of their insights on important security topics with the broader security community. Trustworthy Computing has developed a couple of “CISO Perspectives” articles to do this.
Today we are releasing a CISO Perspectives article providing insights on the challenges, success factors and potential solutions on the topic of risk. This article includes commentary from CISOs representing some of the world’s largest organizations. Our aim is to share and highlight some of the key things that CISOs and information and security risk specialists might want to consider in relation to risk management.
This article discusses approaches to identifying and understanding risk and suggests resources for identifying, quantifying, measuring and mitigating risk. It includes perspectives from some industry leaders including:
- Jerry Pittman, Director, Global Information Security, Cummins Inc. Cummins Inc. designs, manufactures, distributes and services engines and related technologies, including fuel systems, controls, air handling, filtration, emission solutions and electrical power generation systems. More about Cummins Inc.
- Greg Schaffer, Chief Information Security Officer, FIS Global. FIS Global provides banking and payments technologies and serves more than 14,000 institutions in over 100 countries. More about FIS Global.
- Bret Arsenault, Chief Information Security Officer, Microsoft. Microsoft IT drives global IT services for Microsoft, and develops and delivers new ways for customers to improve the operational efficiency of their desktop environments. More about Microsoft.
If you are responsible for managing risk in your organization, then I strongly encourage you to check out this new article, and I welcome your feedback below. In our next blog post we will publish the second CISO Perspectives article on another topic that I know is top of mind for many security executives: regulatory compliance.