Dedicated To IT Security Issues, Featuring News, Press Releases, IT Directory & Links
The role of the CSO is more challenging than ever concludes meeting of leading enterprise security executives at latest CSO Interchange
Published 12th June 2009
Survey finds the threat of penalties and fear of reputational damage is motivating UK CSOs to pursue regulatory compliance
London, UK – 8th June 2009 – A meeting of 32 of the UK’s leading enterprise security executives and industry experts at the annual CSO Interchange event in London last week highlighted the increasing challenges they face on a daily basis. A majority (64%) expressed the belief that the task of securing their network is more difficult today than a year ago. Just 7% thought it was easier and 28% felt it was the same as a year ago.
Regulation and compliance was one of many hotly debated topics amongst the group. An interactive survey revealed that 64% of Chief Security Officers (CSOs) comply with regulatory requirements because of the risk of incurring major penalties, reputational damage and/or the loss of vital licenses to operate. Just 16% claimed to be motivated by a belief that it would improve their risk profile or level of security and 16% claimed that regulations had no real influence at all on their actions.
What’s more a majority (66%) agreed that regulatory requirements were ill defined and left CSOs and organisations at the mercy of expensive consultative interpretation. A further 31% of the group considered existing regulations to be overly complex, burdensome and costly to implement and just 3.4% deemed them to be appropriate, fit for purpose and pragmatic to implement.
The research also revealed that 69% of CSOs felt that additional regulatory practices would most likely prove a positive distraction and hindrance to more effective risk management. Summarising the round table discussions among delegates on this subject, Marcus Alldrick, CISO of Lloyd's and a moderator for the round table on compliance added: “The predominant feeling of the group was that regulations were increasingly becoming prescriptive with the end customer specifically in mind, rather than principle based with organizations incorporating them in their business models. The group also commented on the resulting increased level of complexity for organizations operating across national boundaries where different regulations applied, which made the CSO job particularly difficult.”
The CSO Interchange event uses an interactive format and roundtable sessions to enable security executives and industry experts to discuss topical issues amongst peers and colleagues in an independent high-level forum. This year’s event also included a roundtable to discuss virtualisation and risk. It discovered that 73% of CSOs already have a virtual network in place with a further 15% in the testing and planning stage of deployment, although discussions indicated that securing these virtualised networks still posed significant challenges.
Qualys CEO and founder of CSO Interchange Philippe Courtot commented, “The discussions once again highlighted the difficult and complex role of the CSO: fighting organised crime, dealing with limited budget, educating users, responding to the business need for more third party interaction - which naturally increases security risks - and having to ensure that corporations answer regulatory requirements. Our job as a security vendor is to help CSOs meet these challenges in the most effective way possible.”
To find out more about joining the CSO Interchange and to download the full survey findings visit: http://www.csointerchange.org.
About CSO Interchange
Howard Schmidt, former White House advisor, and Philippe Courtot, Qualys Chairman and CEO, founded the CSO Interchange in 2004 to provide a forum for Chief Security Officers at corporations, government agencies and other organisations to exchange ideas, discuss challenges and learn from the real-world experiences of their peers. The event provides an independent forum for leading CSOs to discuss a wide variety of security issues that affect their organisations and reveal their top-of-mind concerns through interactive surveys. The concept started in the US in 2004 and there have been four successful events there including one this year at RSA in San Francisco. The recent CSO Interchange in London was sponsored by Qualys with the participation of KPMG. More information about CSO Interchange can be found at http://www.csointerchange.org/events/london-06-2009/