Roundtable: Securing Information in an Unsecure World (Calgary)
On June 5, 2014, The IT Media Group brought together 13 CIOs and information security executives from a variety of private and public-sector organizations to discuss “Securing Information in an Unsecure World”. The sponsor for this CIO Master Series Roundtable was Symantec Canada, represented at the table by Sean Forkan, Vice President and General Manager.
The participant-driven discussion revolved around strategies, techniques and ideas for improving IT security while meeting the needs of the business.
Key topics included overcoming organizational impediments to security, obtaining more budget, using a crisis as a means of boosting security investment, value of penetration testing and social engineering, most worrisome aspects of IT security, lack of support from government and security agencies, reputational risk resulting from a security breach, need for a cultural shift in IT, building the security team, and meeting user needs.
An overarching theme of the discussion was the need for security to be unobtrusive to business users. Especially in view of the fact that the business is taking a more proactive role in acquiring and implementing IT solutions, the IT organization and the security team must find ways of accommodating user needs. Rather than saying ‘no’, ways must be found to enable users to use the tools that they need to do their jobs more effectively.
Acquiring adequate funding is a challenge that all roundtable participants face, but they are finding various ways to sell security. These include showing the business advantages for doing it (e.g. improved analytics, operational savings), doing a broad risk assessment, doing a better job of educating senior management around security, and using a crisis as a lever for more investment. The latter approach is not without its drawbacks, however, as it can erode confidence in the security team and take money from strategic priorities.
Some participants noted that there is a shortfall of good security professionals in the Calgary area. Too many are old-school security types, whose approach is to lock things down and say no to business users. Though some may be very technically proficient, they often lack the social skills to work effectively with the business. Most have a computer or electrical engineering background. There is a need for the educational system to produce better qualified security professionals. It was suggested that a multi-disciplinary master's-level program be offered by universities. The University of Calgary has a group that is focussed on this issue and it is looking for input from industry.
The high level of engagement at this roundtable demonstrates once again that interest is high in sharing knowledge and experience around IT security. While everyone encounters similar problems, the approaches to solving them can be quite different from company to company and industry to industry, and participants always leave these sessions with valuable insights and new ideas. This conversation touched on many areas but it was evident that there was still much room to explore these topics more deeply.
Session Highlights Videos
Getting more money for security
Putting a value on security may be challenging, but it may be dangerous to leverage public security incidents for additional budget.
Getting the right people on the security team
Security professionals need to be enablers and marketers more than naysayers.
Security and the IT organisation
Getting IT on board with information security.
The value of penetration testing
How far must testing go to be effective?
Post session interviews
Steve Scharien, Symantec Canada
Dan Chervenka, Manager, IT Governance & Security, Athabasca Oil Corp.
About CIO Master Series roundtables
Roundtables produced by The IT Media Group provide the ideal format for frank and open discussion among IT executive peers, allowing them to explore issues in depth, with a judicious amount of expert facilitation. These sessions are designed specifically for small groups of IT leaders, enabling them to take away practicable new approaches, validate their own thoughts, brainstorm ideas, and share their successes and their pain.