‘CIOs must focus on Defining and Implementing Risk-based policies in enterprises’
Commitment as a Tech Head
With the emerging threat landscape, the role of a CIO/CISO has grown well beyond just managing security and compliance. The need of the hour is to focus beyond security on managing the risks associated with information, providing a unified risk perspective to the Board of Directors, defining the risk appetite of the organization and defining the right controls to maintain cyber resilience and manage the threat landscape of the organization.
Today’s CISO/CIO must be an excellent communicator and be able to convince the board as well as the business about the current level of information risk to the organization in easily understandable terms. The focus of the CISO/CIO would lie not only in defining the policies but also in implementing them within the enterprise, which would include training and monitoring of employees within the organization. At SDG, we have a well-defined security program with training as one of the essential elements.
Cyber security will drive most of the technology and product investments for 2018. We are focusing on AI, analytics, cognitive and cloud computing as a few priorities for 2018. In addition, we are working on enhancing our IRM (Integrated Risk Management) product TruOps with a focus on cyber security. Other key drivers for 2018 would be RPA, GDPR, blockchain and integrated IRM/GRC solutions, to name a few.
Investment Plans for FY 18-19
The investment plans will depend on the amount of preventive controls and defense mechanisms the organization already has in place and on the risk appetite of the organization for future deployments. The organization needs to do a thorough risk assessment of its current security landscape before making security investments. Simple, adaptable and forward-thinking products which are easy to deploy should be implemented.