CISOs must get a better handle on the effectiveness of their arsenals

As a CISO you know what you have for defending the enterprise, but do you know what works?

Your inventory of assets — a SIEM, firewalls, end-point anti-malware, mobile device management, threat intelligence — never get smaller. But are they doing their jobs? This is the question posed in a column by Avi Chesla, CEO of Empow Cyber Security Ltd., an Israeli startup that sells a platform that promises greater visibility into enterprise security architectures.

Aside from the fact that the company has a card in the game, it’s a good question and one which CISOs need to answer.

There’s no shortage of vendors pounding on the doors of infosec pros with either new or updated solutions. Is ransomware the latest attack problem? You need software tailored just for that! Worried about increasing reports of insider threats? Install this! Pressured by the board to show more return on investment? Automate!

For his part Chesla does pose a number of questions that CISOs should be thinking about from their perch above the fray. These include

• How efficiently are the products in my security architecture doing the job they were bought to do?

• How accurate is each product or service?

• Are the products really meeting my business security compliance requirements (e.g. PIPEDA, PCI DSS, etc.)?

• Can I break down my security apparatus and “see” each product’s contribution?

• What would have happened if I had disabled a product?

It isn’t easy being a CISO today — nor will it for as far out as we can reasonably see — with new threats and combinations of threats from well-funded adversaries expected to be in their faces. Encrypting data, strict access control, two-factor authentication and user behavioral analysis will tremendously decrease risk, but more will be needed.

“It’s time we shine a light into our security systems, and bring the knowledge, and the control, back to organizations,” writes Chesla.  “Achieving this goal will mean a streamlined, more effective security apparatus, with vastly improved security ROI.”  Hard to disagree with that.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now