Changing The Tenor Of The Conversation
Any CISO worth their salt can sit down with a top executive and discuss today's complex regulatory landscape for protecting critical information. Our world is full of regulations and industry standards such as HIPAA/HITECH, SOX, FERPA, and PCI DSS. Fines, penalties, loss of reputation, and loss of business are all real threats, but what impact are they actually having? If enforced penalties were really effective, why are we still seeing breaches of sensitive information? Breaches are not declining; they are rising at an alarming rate.
Every day my inbox fills with horror stories in which thousands upon thousands of customer records are disclosed. When will organizations realize the true impact on the lives of the people whose information we carelessly took for granted? In many of these cases, the breach could have been prevented by the most common security controls, with encryption of data at rest on laptops and removable media at the top of the list.
Take the financial industry, for example. Every day I go to work to provide for my family. The company I work for pays me for the time I spend producing valuable output to grow the organization. That money represents a part of my life that I can never regain. When an employee walks out of the building with my information on an unencrypted laptop or USB drive and loses it, they lose more than that information; they lose part of my life.
Here's another example. If a healthcare organization discloses a large amount of patient data and loses patient confidence, the effect can reach much farther. Studies have shown that patients who do not believe their healthcare organization protects their information are much less likely to disclose sensitive details about their condition. Suppose a patient presents to their physician with a lump in a sensitive area of the body. The patient has lost confidence in this particular provider because of a recent breach that was all over the news. Because of that lack of confidence, the patient does not fully disclose the lump. Time passes, the lump grows, and it turns out to be cancer. Many cancers are far more treatable with early detection; but because the organization failed to take what are, in most cases, the most basic precautions, the patient now has a terminal illness, and treating it costs the organization many times more than it would have at the outset.
Often I sit with providers, business executives, and other leaders and try to explain the importance of information security, yet I see the glazed-over look when I talk about the fines, the penalties, the policies, and the harm to the organization. That look turns into intense interest when I change the subject to how a breach affects our customers and our patients, the people.
CISOs have to start speaking the language of their executives. In most cases, C-level leaders neither understand nor care much about technical jargon. How many viruses did you stop? How much spam or phishing did you thwart? Not important. How many lives did we change today? That's the real question.
If you are serious about building an effective information security program, change the tenor of the conversation. Help executives understand that you are not just protecting data; you are protecting their most precious asset: their customers.