Michael Chertoff & Jim Pflaging talk with Jeff Frick at the Four Seasons Hotel in East Palo Alto, CA.
https://siliconangle.com/2017/08/28/former-dhs-secretary-says-corporate-boards-must-manage-risks-expectations-tcgsecurityseries-guestoftheweek/ #theCUBE #BeyondTrust #ChertoffGroup #SiliconANGLE
Former DHS secretary says corporate boards must manage risks and expectations
Data breaches in the enterprise are no longer just a minor irritant. They have become a fact of life — a situation that brings renewed focus to the role that boards of directors should play in a company’s cybersecurity strategy.
But the challenges facing corporate boards are also tough, because the reality of today’s cybersecurity world is that building a secure perimeter around information technology infrastructure simply doesn’t work anymore. Intruders are going to get through, so the strategy becomes one of risk mitigation and of being prepared to handle breaches when they occur. This is the kind of message that chief information security officers are bringing to their boards.
“You’re managing the risk, and you’re not guaranteeing that nothing bad will happen. That sense of managing expectations is critical for the board,” said Michael Chertoff (pictured, right), former secretary of the Department of Homeland Security and co-founder and executive chairman of The Chertoff Group LLC, a global advisory firm.
Chertoff spoke about board responsibility and other topics with Jeff Frick (@JeffFrick), host of theCUBE, SiliconANGLE’s mobile livestreaming studio, at the Chertoff Group Security Series “Security in the Boardroom” in Palo Alto, California. They were joined by Jim Pflaging (left), principal and technology sector and strategy practice lead for The Chertoff Group, to discuss the results of a recent study on board security program awareness, how corporations should approach security issues, the importance of data privacy and the ongoing quest to bridge public and private sector interests. (* Disclosure below.)
This week theCUBE features Michael Chertoff and Jim Pflaging as our Guests of the Week.
Study shows board knowledge gap
The Chertoff Group recently conducted a study based on interviews with more than 100 senior executives. The study showed that large, public U.S. companies in the critical infrastructure sectors (finance, healthcare and telecommunications) were well-versed in cybersecurity practices. “It’s been discussed; it’s part of a risk management program,” Pflaging said.
But directors for companies outside of those critical sectors self-reported that they were not where they should be on cybersecurity education. And their companies, more often than not, did not have the kind of robust plans and knowledge to deal with the rising threat landscape.
“I really sympathize with small and medium enterprises which simply don’t have the money to invest in terms of building up a whole standalone security system,” said Chertoff, who described alternatives such as outsourcing security functions to managed intelligence and information services. “Even if their heart is in the right place, they just don’t have the scale to do what a major bank can do in terms of an operations center.”
This dilemma will force corporate boards to examine security options in much the same way that a patient manages his or her own health. “You don’t go to the doctor and say, ‘I want you to guarantee I’ll never get sick,’” Chertoff explained. “The doctor would throw you out of the office, or they’d have you committed.”
Instead, the focus should be on how to build a healthy immune system to repel and eliminate attacks. “If the board wants to understand what are the most important parts of our corporate body we have to protect and how to build layers of defense to keep us healthy, then I think you can have an intelligent discussion about how much investment is enough,” said the former DHS Secretary.
That level of investment has become a key focus of board-level cybersecurity discussions and is leading many executives to talk openly about the correlation between IT spending and reducing business risk. Boards know they must protect the company, but they need guidance from the CEO or CISO on where to make the best investment in technology.
Private sector focus on data privacy
The challenges of enterprise security management also involve data privacy protection. Technology platforms such as personal voice-activated assistants like Amazon’s Alexa or connected devices in cars and home appliances are raising concern that a company could increasingly end up knowing more about a particular user than anticipated.
.....
(* Disclosure: TheCUBE is a paid media partner for The Chertoff Group Security Series “Security in the Boardroom.” The Chertoff Group LLC does not have editorial control over content on theCUBE or SiliconANGLE.)