With cyberattacks making headlines almost on a daily basis, the role of the chief risk officer (CRO) is important now more than ever before. In addition to analyzing, monitoring, predicting, mitigating and evaluating many types of risks and conditions, chief risk officers (CRO) are held responsible for ensuring compliance to rapidly evolving industry regulations and analyzing IT operations to prevent data leakage.
Over the past few months, airport security hasn’t exactly made good headlines. Except for Miami International Airport. Unlike other airports across the U.S., Miami International Airport screens all employees that enter and exit the secured area of the airport. Miami has four checkpoints for employee screening, seven access gates for inspections of vehicles entering into the airfield, random background checks of employees and a mandatory security awareness class. Last year, the airport confiscated 209 employee ID badges for security violations. The airport has nearly 38,000 employees with ID badges, and 35,000 who have access to restricted areas. I spoke with Lauren Stover, Director of Public Safety and Security at Miami-Dade Aviation Department at the Miami International Airport (MIA) about the proactive stance that she and her team take each day.
Congratulations, security executives, soon you will officially be the “corporate rock-star.” That’s according to one industry analyst, Ted Schlein, who is also a general partner at Kleiner Perkins Caufield & Byers. In the article, “The Rise of the Chief Security Officer: What It Means for Corporations and Customers,” published by Forbes, Schlein wrote: “For business leaders today, no task is more important than ensuring confidence and trust in the organizations they lead. The boardroom has woken up to the importance of security – and to the enormity of what it will take to protect company and consumer data from attacks.”
As far too many companies victimized by data breaches can attest, we are in a “blame the victim” environment, where the breach victim is treated like an accessory to the crime. Time and time again, Congress, regulators, the courts and the media treat victim companies as if they are guilty until proven innocent, or rather “negligent until proven reasonable.”
In early April, Wall Street’s oversight committee announced that bank’s oversight of cybersecurity measures at outside firms it does business with remains a work in progress, at best. It cited a survey of 40 banks that found that only about a third require their outside vendors to notify them of any breach to their own networks, which could in turn compromise confidential information of the bank and its customers.
What does leadership mean to you? We all have our own ideas about what it means to be a good leader. For example, some people think leadership means guiding others to complete a particular task, while others believe it means motivating the members of your team to be their best selves. But while the definitions may vary, the general sentiments remain the same: leaders are people who know how to achieve goals and inspire people along the way.
Spring is here. And it could not have come soon enough, after a particularly difficult winter for most of the U.S. Record-setting snow falls, flooding, and extreme cold temperatures plagued businesses, homeowners and travelers from November through March. Businesses shut down, flights were grounded, and many people were forced to hunker down and stay home.
According to frequent headlines in the press, cybersecurity is an issue that has seized the attention of corporate boards and the executives who report to them. The reality is probably more nuanced. Although the largest companies in some sectors are engaged in extensive risk management efforts, the broader business community in the middle market remains at best uneven in its response, says Matthew F. Prewitt, partner with law firm Schiff Hardin in Chicago, chair of Schiff Hardin’s data security and privacy team and co-chair of the trade secrets and employee mobility team.
Walk through the show floor at ISC West in Las Vegas next month and you’ll see hundreds of security products peddled by vendors wanting to sell you the “latest and greatest” in security technology. But sometimes, you don’t need technology as much as you need someone to sit down with you and have a frank and honest conversation about what you should or should not install in your enterprise. Then you can talk technology, right? Of course, it all depends upon your situation, your environment and the risks that you are trying to mitigate, but who wants to be sold something that they don’t need or can’t use?
Want happy employees? It’s more than the occasional catered office lunch. It’s providing an environment where employees can be productive, collaborate with colleagues and find creative ways to power through their to-do lists. Mobile devices play a primary role in this movement, but so have the widespread adoption of public and private cloud applications, which have provided workers access to their files, and each other, anywhere, anytime and from any device.
Thinking of building your own Global Security Operations Center? Learn from four leading enterprises about how they developed or modified their GSOCs to bring the most value to their enterprises. Also in this issue: how to attract better cybersecurity talent, healthcare data compliance, working with integrators to test security technology, the 2017 ISC West Product Preview and much more!