Every CISO’s Mission: Keeping Corporate Data Secure
The mission of the chief information security officer and the corporate security team is to protect the company’s critical assets from risk of a breach.
1 July 2015
The mission of the chief information security officer (CISO) and the corporate security team is to protect the company’s critical assets from the risk of a cyber-security breach. The CISO is ultimately responsible for the overall safety and security of the organization’s infrastructure. With an array of security processes all requiring internal and external collaboration with global security teams, the CISO needs a secure tool for highly regulated industries and one that is user-friendly enough to promote internal user adoption.
Security Incident Handling
One of the most prominent moments in the life of a CISO is security incident handling which is when a potential breach of the company’s critical assets may be observed. If after an incident has been identified, the CISO needs to act very quickly to contain and eradicate the source of the problem and mitigate future risk.
During the investigation period, the team may be sharing a large volume of sensitive information with third parties such as legal counsel, incident handlers, and even law enforcement. Information shared may include confidential documents such as a company’s security model and vulnerabilities — this intellectual property must be protected with utmost security. Imagine if this information were to fall into the hands of competitors? This would be a very bad scenario for the CISO and the company as a whole. With that said, the CISO needs a secure solution to share this information and a means of maintaining lifetime control over this data when it is shared outside the firewall.
Preparing for an Audit
Another very important activity that takes place in the CISO’s office is auditing. Very often, audit teams will come on site (or perform remote audits) to do an assessment of the company’s security model. The auditors may request access to a variety of evidence including policy statements, screen shots, log files, and user guides. With a secure solution in place, the CISO’s team can easily compile, organize, and share this information quickly to give auditors’ access as required. At the end of an audit, the CISO will ideally be able to retract the sensitive content that was previously shared with auditors to ensure the organization maintains full control over all information at all times.
All the security processes carried out by the CISO and his team involve collaboration and information sharing that need to be facilitated in a secure, and compliant manner. A secure enterprise collaboration solution can help streamline these processes, enable efficiency, and maintain compliance. Check out “A Buyer’s Guide to Enterprise Collaboration Solutions” for advice and guidance around selecting a secure and reliable solution that meets your organization’s needs.
Britany DiCicco supports the enterprise product marketing team at Intralinks focusing on market analysis, positioning, messaging and go-to-market initiatives. Britany’s previous experience at Intralinks included analyst relations, competitive intelligence, and marketing. She graduated from Northeastern University with a degree in Economics.