When discussing cybersecurity, a color can make all the difference. I recently spoke with Christopher Camejo, Director of Threat and Vulnerability Analysis for NTT Com Security, about the differences between a white hacker, blue hacker and black hacker, and a red penetration test.
Where the corporate security department reports within the enterprise is often more a matter of form than function. It may be personality driven, power driven or simply a corporate culture thing. Many companies have a hard time deciding where corporate security should report.
Congratulations, security executives, soon you will officially be the “corporate rock-star.” That’s according to one industry analyst, Ted Schlein, who is also a general partner at Kleiner Perkins Caufield & Byers. In the article, “The Rise of the Chief Security Officer: What It Means for Corporations and Customers,” published by Forbes, Schlein wrote: “For business leaders today, no task is more important than ensuring confidence and trust in the organizations they lead. The boardroom has woken up to the importance of security – and to the enormity of what it will take to protect company and consumer data from attacks.”
As far too many companies victimized by data breaches can attest, we are in a “blame the victim” environment, where the breach victim is treated like an accessory to the crime. Time and time again, Congress, regulators, the courts and the media treat victim companies as if they are guilty until proven innocent, or rather “negligent until proven reasonable.”
All too easily, there can be a vast disconnect between security and finance. Chief financial officers are looking out for every penny, and security departments can frequently be written off as cost centers. However, there has been growing involvement and partnership in both directions, with CSOs now successfully proving security’s value to the enterprise and CFOs championing security and cybersecurity initiatives to better mitigate enterprise risks.
For the next generation of enterprise security leaders, is there a clear path forward to success? Enterprise security leaders discuss mentorships, education, certifications and the skills new CSOs and CISOs will need to succeed in their evolving roles and bring value to the business. But the problem is: with existing security leadership roles varying so widely, is the development of a uniform skill set even possible?