Intelligent CIO Africa Issue 46 | Page 69

CIOS MUST TREAT RISK AS SOMETHING THAT IS BOUND TO HAPPEN.


the credentials that grant access to that data and the underlying systems that can be exploited to access data inappropriately.
DW: Brand protection is another area that’s driving CIOs to look at such solutions. We’ve had conversations with CIOs that don’t really understand to a deep level what they need to be doing, but they know they need to protect their brand because this is where the breaches are happening and they don’t want to be in the news.
The CDSA solution itself is unique. That actually helps in our conversations with businesses and CIOs on mapping out their roadmap, because the vulnerabilities and the data that come out of our assessment are quite often a surprise. The roadmap on what we do first is based on what information we get from the assessment. It provides a baseline to what’s important and what potentially needs to be addressed first.
SM: I think you have to establish a risk baseline as a first step to securing any organisation, as a reminder of what level of risk you are willing to tolerate. Every business is different. You must access your data workflow to find out what the key risks are that would damage your business and then plan to add resilience in an order based on the threats that each one poses.
It’s unlikely you will be able to cover every base. So to extract maximum value from your resource, you have to make sure you understand where your baseline is and apply a frank approach. The other thing which is very important is the segregation of audits. You should not depend on the administrator to get the audit – you must have the upper hand into your system so you can collect whatever you want without depending on the administrators. You can use a very easy tool like Stealthbits to help and give you all the required information with good dashboards, very easy access and configuration.

Sayed Mabrouk, CTO, Logix
CE: I now advise CIOs to take a much more proactive approach to data security. They must be aware that there are security risks and threats which hit organisations when it’s least expected. So it’s important to stay on the watch with vigilant monitoring software. They must have pre-planned policies that cover risk monitoring and mitigation. CIOs must treat risk as something that is bound to happen, which means that using tools to identify potential risk will help them with their mitigation efforts. I also think that CIOs must take audits seriously. A security plan is not complete without regular audits.
In summary, I think for CIOs to ensure optimal data security, it can be achieved through a first-class, security-first culture across organisations, no matter the industry. Security should be treated as the number one priority and all employees must be trained and educated accordingly. It’s only through these continuous efforts that an organisation can achieve a sustainable level of resilience.