This document discusses how disruptive technology trends in 2013 such as cloud computing, social media, big data, and mobile device adoption will impact information security programs and strategies. It identifies gaps that security teams need to address to keep pace with these innovations, including boosting business and risk management skills, building relationships with middle management, tackling IT supply chain issues, and developing technical action plans around cloud computing, social media, big data, and mobile device competencies. The report provides perspectives from C-level security executives on how to navigate the changing landscape and ensure information security teams have the right skills and strategies to enable innovation over the next year.
Information Security Shake-Up
1. A Special Report by the
Information Security Shake-Up: Disruptive Innovations to Test Security’s Mettle in 2013
FEATURING THE PERSPECTIVES OF C-LEVEL SECURITY EXECUTIVES FROM:
ABN Amro; ADP, Inc.; Airtel; AstraZeneca; Coca-Cola; eBay; EMC; FedEx; Fidelity Investments; Intel; HDFC Bank; HSBC Holdings plc.; Johnson & Johnson; JPMorgan Chase; Nokia; SAP AG; TELUS; T-Mobile USA; Walmart
An industry initiative sponsored by RSA
2. Contents
REPORT HIGHLIGHTS
2013 PROMISES A FAST AND BUMPY RIDE
TECHNOLOGY TRENDS AND THE IMPACT ON INFORMATION SECURITY
1. Cloud Computing Adoption
2. Social Media Adoption
3. Big Data Adoption
4. Mobile Devices Adoption
ADDRESSING THE GAPS
Boost Business and Risk Skills
Court Middle Management
Tackle IT Supply Chain Issues
Build Tech-Savvy Action Plans
1. Cloud Computing Competencies
2. Social Media Competencies
3. Big Data Competencies
4. Mobile Competencies
CONCLUSION / ABOUT THE SBIC
REPORT CONTRIBUTORS: SECURITY FOR BUSINESS INNOVATION COUNCIL
Disclaimer – This Security for Business Innovation Council Report (“Report”) includes information and materials (collectively, the “Content”) that are subject to change without notice. RSA Security LLC, EMC Corporation, and the individual authors of the Security for Business Innovation Council (collectively, the “Authors”) expressly disclaim any obligation to keep Content up to date. The Content is provided “AS IS.” The Authors disclaim any express or implied warranties related to the use of the Content, including, without limitation, merchantability, suitability, non-infringement, accuracy, or fitness for any particular purpose. The Content is intended to provide information to the public and is not legal advice of RSA Security LLC, its parent company, EMC Corporation, their attorneys or any of the authors of this SBIC report. You should not act or refrain from acting on the basis of any Content without consulting an attorney licensed to practice in your jurisdiction. The Authors shall not be liable for any errors contained herein or for any damages whatsoever arising out of or related to the use of this Report (including all Content), including, without limitation, direct, indirect, incidental, special, consequential, or punitive damages, whether under a contract, tort, or any other theory of liability, even if the Authors are aware of the possibility of such errors or damages. The Authors assume no responsibility for errors or omissions in any Content.
2| SBIC special Report | RSA, The Security Division of EMC
3. Report Highlights
In 2013, a cluster of disruptive innovations will continue transforming enterprise IT and hammering at the very foundations of information-security strategies
This year promises several major developments in enterprise adoption of:
• Cloud computing: Many organizations are preparing to move more business processes – even mission-critical apps and regulated data – to the cloud.
• Social media: Based on social media’s new-found powers to influence consumer purchasing behavior, many organizations are elevating it to a strategic endeavor.
• Big data: Evidence of competitive advantage is compelling more organizations to begin big data projects to gain market and business intelligence.
• Mobile devices: Organizations are experiencing a surge of consumer mobile devices accessing corporate networks and storing corporate data.
These trends will have a big impact on information-security programs, revealing significant and growing gaps including a lack of business skills, relationships, supply chain management, and tech-savvy action plans.
The gaps must be addressed in order for information-security teams to keep pace with their organizations’ technology aspirations.
Boost Risk & Business Skills: Information-security teams have long lobbied to be perceived as business enablers not inhibitors. Now that many are, they don’t have the right skills. To meet the swelling demands to enable innovation, security teams must rapidly attain risk management and business skills.
Court Middle Management: At most organizations, the C-suite “gets it” but security teams now face resistance from middle managers who don’t want to expend their resources on security. Security teams must build these relationships, helping middle managers to understand security’s value.
Tackle IT Supply Chain Issues: Organizations are accelerating the implementation of new technologies just as there is growing concern about the integrity of globally sourced IT components. Comprehensive programs are required to evaluate as well as demonstrate trustworthiness of hardware and software.
Build Tech-savvy Action Plans: Security teams must build specific competencies and action plans for enabling these innovations:
For cloud computing focus on:
• optimizing cloud vendor management
• solving controls assurance
• realigning the IT budget to cover the costs of cloud security
• sharpening technical proficiency in virtualized environments
For social media focus on:
• working with a multidisciplinary executive team to develop policy and codes of conduct
• developing proactive incident response plans
• training end users
• monitoring social media channels
For big data focus on:
• understanding the complex security issues created by amalgamating and processing huge volumes of customer, market or business data
• getting in on the ground floor of big data projects
• ensuring access control governance
• developing a plan to leverage big data technologies for better threat detection
For mobile devices:
• Download the recent comprehensive report from the SBIC, Realizing the Mobile Enterprise: Balancing the Risks and Rewards of Consumer Devices.
4. 1 2013 Promises a Fast and Bumpy Ride
In 2013, a cluster of disruptive innovations – cloud computing, social media, big data, and mobile devices – will continue transforming information systems. Conventional approaches to information security – such as perimeter protections, managed end-points, signature-based threat detection, and checklist risk evaluations – are breaking down. As the speed of technological advances continues to outpace information security, several major developments in enterprise technology adoption are exposing significant and growing gaps in information-security programs.
Based on the perspectives of 19 security leaders from global enterprises, the Security for Business Innovation Council (SBIC) has developed this Special Report to help navigate the shifting landscape. The report delivers specific guidance to fill the gaps and ensure that information-security teams have the “right stuff” in order to enable innovation over the next 12 months.
“Information security isn’t just about IT anymore. Trends like cloud computing and consumerization are quickly extending the information-security role. It’s about business. It’s about people. It’s about risk management.”
DR. MARTIJN DEKKER
Senior Vice President, Chief Information Security Officer, ABN Amro
5. 2 Technology Trends and the Impact on Information Security
Enterprises are looking to up the ante in technology adoption this year. Information-security teams should know what to expect and how they will be impacted.
1. Cloud Computing Adoption
Trend: Many organizations are preparing to move more business processes – even mission-critical apps and regulated data – to the cloud.
Familiarity Breeds Trust
By now, most companies have deployed some form of cloud computing, including Software-as-a-Service (82% of companies), Infrastructure-as-a-Service (51% of companies), and Platform-as-a-Service (40% of companies),1 to capture benefits such as cost savings, agility, and scalability. Over the next few years, spending on public cloud services is predicted to increase at 19% per year.2
Although supplier lock-in and system availability are some of the big concerns with the cloud, security remains the number one obstacle to adoption. But trust in the cloud is growing. In a recent survey, 50% of respondents were confident that the cloud is now viable for mission-critical business applications.3 Even regulators are getting more comfortable with the cloud. The Dutch banking authority has given Dutch banks the green light to use cloud services.4 Given this confidence, many organizations are ready to move more business processes to the cloud. But surprisingly, only 30% of organizations have implemented a cloud security strategy5 even though cloud computing has been a growing phenomenon for years. And even many cloud vendors don’t have sufficient security programs.
Impact: The security concerns hindering cloud adoption will come to a head. The increasing demand for cloud computing will force organizations to find effective ways to evaluate their providers’ security controls to ensure they meet requirements, including implementing continuous monitoring.
2. Social Media Adoption
Trend: Social media has become a major influencer of consumer purchasing decisions, setting it on course to become a strategic endeavor.
Serious Business
Organizations will be looking at social media with a more strategic eye in 2013. A recent survey indicates brand following has doubled in the past two years by Americans who use social media. And of those who use social networking sites at least once a month, 47% say that Facebook has the most influence on purchasing.6
The opportunities to reach customers and create positive brand awareness with social media are huge. The problem is that social networking sites also present enormous opportunities for misuse and misinformation as well as malware distribution and fraud. In fact, 66% of organizations name social media as a significant or critical risk to their brand.7 Yet only 38% of organizations have a security strategy in place for social networking.8
As organizations increase their use of social media to capture the business benefits, they must also put in place strategies to manage the risks. Expectations should be set regarding allowable activity on social sites and policy viewed broadly, balancing corporate interests with freedom of expression. Tools and techniques will also be required to mitigate the risks of incidents and guard against social-media-based attacks.
Impact: Information-security teams must work to actively manage the risks of social media, including comprehensive policies and effective security controls.
1 Future of cloud computing survey, North Bridge Venture Partners, June 2012
2 Gartner: Public cloud spending to increase 19 percent annually to 2016, FierceEnterprise Communications, October 23, 2012
3 Future of cloud computing survey, North Bridge Venture Partners, June 2012
4 DNB neemt hobbel weg voor ‘outsourcen in the cloud’, Nieuwsbericht, De Nederlandsche Bank NV, (DNB), November 6, 2012
5 The Global State of Information Security® Survey 2013, a worldwide survey by CIO, CSO and PwC, October 2012
6 The Social Habit, Edison Research, July 2012
7 Guarding the Social Gates: The Imperative for Social Media Risk Management, Altimeter, August 2012
8 The Global State of Information Security® Survey 2013, a worldwide survey by CIO, CSO and PwC, October 2012
3. Big Data Adoption
Trend: Evidence of competitive advantage is compelling more organizations to begin big data projects to gain market and business intelligence.
Better Threat Detection
In the information-security community, “big data” is generating considerable hype. The power of analytics can greatly improve the ability to detect cyber attacks. Big data can be used to spot malicious activity by amalgamating and analyzing system and user behavior data. It will play a major role in changing the information-security model to be more effective.
Good for Business
It’s not only security that is excited about big data. So are marketing departments and many other areas of business. Big data can be used to gain deep market insight, provide tailored customer service, and create operational intelligence. A survey of executives worldwide found that the use of big data has improved their businesses’ performance, on average by 26%. The majority of these companies (58%) claim they will make a bigger investment in big data over the next three years.9 This evidence of competitive advantage will spur more organizations to invest in big data. But the relative newness of the space means most do not fully understand the privacy and security risks when customer and business information is being collected, combined, processed, and stored at unprecedented scales and speeds.
Impact: Information-security teams must recognize the value of big data for security and develop a multi-year plan to evolve their security management model to utilize big data to detect and remediate security threats. They also must get in on the ground floor of any new big data projects that the business takes on, in order to understand the risks and develop strategies to manage them.
4. Mobile Devices Adoption
Trend: More employees are using their smartphones and tablets for work, creating a surge of consumer mobile devices accessing corporate networks and storing corporate data. Organizations have to prepare for a world where the dominant endpoint is not a desktop PC, but a mobile device.
Risks Mounting
Heading into 2013, consumer mobile devices continue to create worrisome risks for organizations – ranging from loss of confidential information to high-profile security breaches. Research shows that 70% of all smartphone-owning professionals are now using their personal devices to access corporate data, yet almost 80% of that activity remains inadequately managed by IT departments.10 The potential benefits of mobile devices can include improved productivity and reduced costs. Capitalizing on these opportunities is only possible if enterprises know how to manage the risks.
Impact: Mobile risks are reaching a critical mass. To avert major incidents, information-security teams must implement strategies that manage the risks while enabling the rewards. Security strategies should assume the end-point is untrusted.
“When thinking about big data, information-security teams should not only consider how they can use powerful analytics to detect security events but also realize that business overall is shifting towards the use of big data. Securing big data will require an evolution in data protection controls.”
DAVE MARTIN
Vice President and Chief Security Officer, EMC Corporation
9 The Deciding Factor: Big Data Decision Making, Capgemini, June 2012
10 Multi-market BYOD Survey, Ovum, September 2012
7. 3 Addressing the Gaps
In 2013, as enterprise adoption of technology intensifies, information-security teams face significant gaps, including a lack of business skills, relationships, supply chain management, and tech-savvy action plans. Addressing these gaps will take a commitment to rapid-fire change.
Boost Risk and Business Skills
As the need to protect information has become increasingly vital, at most global organizations the information-security role has become more strategic and is transitioning to an “information risk management” role. Enabling a set of disruptive innovations is accelerating that trend, forcing a risk management perspective versus a security “lock-down” mentality. To capture the business benefits of new technologies, each organization must accurately evaluate how much risk it is willing to take on to capture those benefits. The information-security team must work with the business in order to understand the risks and develop protection strategies to mitigate them to an acceptable level. This includes identifying the key information assets and assessing their value to the organization.
For years, security professionals have been lobbying to be perceived as business enablers rather than inhibitors. Now many information-security teams are bombarded with requests to enable innovation. But as information security migrates from being an IT-focused to a business-focused problem, many teams lack the required skillset. Security professionals must become risk managers and business consultants – translating business requirements into security requirements. More and more, the performance of security teams will be measured on their ability to enable business, which requires knowing how to tie security programs to business outcomes.
Court Middle Management
As we begin 2013, most C-suites and Boards “get it.” The growth of information protection regulations and the escalation of cyber threats mean that most of them understand the importance of information security and consider it a priority. Today, it is common for CISOs to meet regularly with executive leadership and the Board. In many cases, information security has attained the sought-after attention from the top.
The current resistance to information-security efforts is two levels down from the executive level. Middle managers don’t want to use their resources on security. They are incentivized by timeline and budget; adding security doesn’t fit into their objectives. Security teams need to build relationships with middle managers, helping them understand the value of information security. It may be a harder nut to crack than the C-suite.
Tackle IT Supply Chain Issues
Organizations are accelerating the implementation of new technologies within their IT environments just as there is growing concern about the integrity of hardware and software components. Many of these components are globally sourced, creating complex supply chain issues. Going into 2013, organizations must increasingly question whether their IT supply chain can be trusted. However the approach should evolve from banning gear to a more holistic risk management approach to adopt technology with appropriate security safeguards. Organizations should seek assurances regarding all of their suppliers’ technology-development and -delivery practices.
As well, most organizations not only implement IT products developed by others but also develop IT, such as custom applications for use by business partners and customers. Whether they develop commercial or custom hardware or software, organizations must be able to demonstrate that they are a trustworthy supplier of IT. Comprehensive programs will be required to evaluate and demonstrate the integrity of the entire IT supply chain, downstream and upstream.
Build Tech-Savvy Action Plans
Solving all of the security issues that disruptive
innovations are creating isn’t going to happen in
2013, but security teams have to make large strides
or fall even further behind their organizations’ plans
for technology adoption. Security teams must build
competencies and specific action plans in each area.
1. Cloud Computing Competencies
Cloud Vendor Management
Organizations are ultimately accountable for safeguarding the information handled by their cloud service providers. Cloud computing is forcing information-security teams to switch their focus from implementing controls to assuring that the controls implemented by others meet requirements. Security teams need to determine “How can we ensure that cloud providers can meet our trust level? How do we know they are attuned to our particular threats? Can they meet our regulatory compliance and e-Discovery requirements?”
Controls Assurance
The conventional controls-assurance model is not sustainable in the cloud. Client organizations can’t go on site to examine the security controls of every cloud service provider, so they expect the providers to provide assurance by answering questionnaires. This is an inefficient process, since the cloud providers’ customers all ask the same questions.
Standardized assessments would help. Industry initiatives, to achieve large-scale sharing of assessments, have not had a lot of success so far. It’s hard for a large number of organizations to agree on a standard set of controls that will satisfy everyone’s requirements. Some organizations are beginning to turn to small-scale sharing of assessments. This might follow the same model as intelligence sharing whereby exchanging information among a small set of trusted individuals grows over time. Another possible approach is third-party assessments or certification of service providers, such as the AICPA’s SOC 2 Report on Controls at a Service Organization or the upcoming ISO 27017 Standard for Security in Cloud Computing.
In moving to the cloud, security teams need to find effective ways to measure the health of controls and detect failures. The building blocks for attestations through governance, risk, and compliance (GRC) technology are there, but the process needs to mature. Automated and transparent controls assurance and continuous monitoring will be an important part of the solution.
Budget Realignment
The assurance process adds cost on both sides (for the cloud provider and the enterprise). Organizations should recognize that the increasing costs of assurance can reduce any cost savings from moving to the cloud in the first place. As with outsourcing, if the process is mismanaged the cost savings may be neutralized. Organizations also need to understand that in a highly virtualized environment more of IT’s budget will be needed to address cloud security. One solution is budget realignment – reinvesting a portion of the IT savings the organization achieves by moving to the cloud into managing the risks.
Technical Proficiency
In order to evaluate the controls, security teams will need a high level of technical proficiency within virtualized environments. When servers and applications are decoupled from hardware, the security controls framework is completely different than in conventional IT environments. For example, software controls (such as hypervisor security modules) replace hardware controls.
Many security teams are still not convinced regarding the efficacy of cloud security controls. They need to validate the security model for themselves, understanding the advantages and limitations, in order to oversee cloud providers. Especially in public clouds, data co-mingling and data remanence remain big concerns. Security teams don’t yet have an acceptable level of assurance that cloud service providers can protect data integrity and confidentiality in a multi-tenant environment. Proficiency in cloud security controls is critical not only for public/hybrid clouds but also private clouds. Security teams must have the know-how to secure virtualized environments within their own data centers.
Cloud Computing Suggested Actions:
• Plan for increasing resources for cloud vendor management.
• Make the case to earmark a portion of IT savings that result from moving to cloud computing for information-security oversight.
• Factor in IT savings/security oversight offset when making decisions regarding moving to the cloud.
• Make it a general rule to segregate the role of controls implementation from controls assurance to ensure impartial controls oversight.
• Work with auditors in the early stages of public or private cloud computing initiatives, to educate them about the new security controls in virtualized environments.
• Investigate the possibility of sharing cloud vendor assessments with a small number of trusted partners to reduce redundancy and costs.
• Leverage technologies such as GRC solutions that can perform automated assurance and continuous monitoring and provide visibility into cloud environments.
• Ensure your team has the technical proficiency to evaluate software controls and secure the virtualized environment.
• Investigate next-generation encryption solutions that can be used to protect your sensitive data in the cloud.
2. Social Media Competencies
Executive Treatment
The potential scenarios are nightmarish: insiders tweeting pre-released earnings data, developers inadvertently disclosing confidential intellectual property in peer forums, employees making inappropriate comments to customers or re-tweeting rumor as fact, hacktivists hijacking corporate officers’ social networking accounts, cyber-threat agents using social sites for reconnaissance or spreading malware. The security team must carefully articulate the risks of social media to the business – including data loss, damage to reputation, regulatory issues, malware infections, and targeted spear-phishing campaigns – and design and implement controls to manage the risks.
It will require an organizational strategy, including a defined code of conduct and an incident response plan. Defining social media policy takes a cross-functional team of executives from security, IT, legal, HR, and communications. It can be a long process, taking months to set up the initial policy and requiring ongoing iterations based on learnings and the evolution of the social space. For example, users will be testing the limits/parsing definitions.
Determining areas of responsibility can be an area of tension. It’s not always straightforward whether certain aspects of social media risks are security, PR, or legal matters. The policy should cover who owns what. For example, legal/compliance owns the liability issues, marketing owns sentiment management, and security owns technical monitoring solutions.
Response Plan
Traditional incident-response methods that may
have worked with conventional media don’t
work with social media because of the extreme
audience reach and speed of communications.
Often, organizations are forced to think through a
social-media response only when they experience a
watershed event like a major outage or flash event. To
avert a social media crisis, an organization needs to
plan responses to various scenarios ahead of time.
End-User Behavior
End-user training specific to social media is essential. It’s not just about what employees do at work but also on their personal time. Training should help them understand the policy and internalize the consequences of non-compliance, making them safer Internet citizens overall.
Organizations need to set constructive boundaries through training and technical controls – although technical controls available today lack the granularity needed. Some organizations may have a very open culture where blocking of social media channels is not a viable option. Programs can also include moderating an organization’s Facebook page and monitoring employees’ postings on social sites.
Threat Management
Brand monitoring on social sites is commonly used by corporations to help manage reputational issues. Customer care teams also monitor social sites to address specific customer issues before they escalate. The information-security team needs to work with the corporate marketing teams. Monitoring social media sites can also be a valuable source of threat intelligence. Social media threats (YourCompanySucks.com) are not necessarily cyber-security issues, but security should be informed of anything that points to possible cyber threats, such as hacktivist postings or discussions regarding possible targeted attacks directed at the company. Some organizations have a team that specifically monitors social media channels for security threats.
Social Media Suggested Actions:
• Develop a social media risk management strategy involving a multidisciplinary team.
• Have a clear policy which delineates responsibilities and covers code of conduct and incident response.
• Deliver ongoing end-user awareness training programs including educating employees on what information is appropriate to post on social channels and monitor employees’ social media activities.
• Mature the incident-response process and include crisis management and surprise drills that test performance of the response team.
• Develop a plan to monitor the corporate social media presence for hijacking, malware, misrepresentation, and other public-facing threats.
• Create policy regarding when and how to respond to rumors/misleading statements regarding your organization, such as its security posture.
• Gain threat intelligence from reputation/brand-monitoring services.
• Create Facebook and Twitter accounts for leadership to pre-empt others from creating falsified accounts.
• Work with vendors to develop more advanced, flexible technologies for fine-grained social media access control and monitoring.
“For social media response planning, one of the most useful things is a table-top exercise. Create scenarios and go through simulated events in real time with all of the stakeholders – such as IT, Communications, HR, Legal – in order to train and test the response of the team. You’ll quickly learn how different social media events are compared to other events.”
VISHAL SALVI
Chief Information Security Officer and Senior Vice President, HDFC Bank Limited
3. Big Data Competencies
Increased Complexity
Big data technologies such as Hadoop go well beyond conventional database engines. They allow organizations to amalgamate data sets and run powerful analytics at unprecedented volumes and speeds. Rapidly amassing and processing customer and business information increases the complexity of security issues such as access governance, confidential data exposure, regulatory compliance, and data integrity.
For example, as data sets grow, without robust access controls, individuals could easily be over-provisioned access. If not carefully tracked, confidential information could be combined with other data sets and inadvertently exposed. As personally identifiable information (PII) is processed in new ways, organizations run the risk of breaching privacy laws which require that data remain in particular geographical locations. Analyzing blended data sets to produce business insights may lead to new intellectual property (IP) that will need protecting. As well, data integrity issues arise when data from different sources gets combined; organizations must consider whether all of the data is from trusted sources and if the resulting analysis can be trusted.
Formulating Security Strategies
As organizations begin big data projects, security teams must get involved early on, in order to understand the risks and devise strategies to manage them. To protect information in a big data context, a major focus area must be access control governance. Unfortunately not many specialized tools are available yet. Limited data masking and coarse data access control are some of the currently available techniques, but they’re not sufficient. Better methods for sanitizing aggregations and fine-grained access controls for large data sets are needed.
For big data, security teams will also need to get a handle on information life cycle. It’s important to understand what data is being collected and stored, including the queries: “What returns large amounts? Small amounts?” As well, the individuals performing the analytics will need to be monitored. A possible solution may be a peer review of query results to check, for example, for access to PII.
4. Mobile Competencies
A recent comprehensive report from the SBIC, Realizing the Mobile Enterprise: Balancing the Risks and Rewards of Consumer Devices, identifies today’s major sources of risk for the mobile enterprise and the outlook for the near future and presents concrete recommendations for managing mobile risks.
Big Data Suggested Actions:
• Ramp up technical knowledge in big data.
• Ensure proper information classification which covers legal and regulatory compliance and considers country-specific requirements.
• Develop data-flow mapping as a core competency of the security team.
• Monitor what’s being requested and what’s going out including anomalous access or queries.
• Watch carefully for over-provisioning of access and segregate roles for different types of access, such as those who ask for queries and those who run them.
• Evolve access control governance by tracking the types and levels of data requests and queries.
• Educate analysts regarding risks to various types of data and make clear what can be shared and with whom.
• Move toward data-centric security, protection that travels with the information.
• Work with vendors to develop technologies required for managing the risks of big data, such as better data masking, meta-tagging, data classification, and fine-grained access control.
12. 6 Conclusion
Expect cloud computing, social media, big data, and mobile
devices to be on the radar as disruptive forces for all of 2013
and beyond. As enterprises accelerate implementation,
the information-security team needs to ensure it has what
it takes to enable innovation – including people, processes
and technologies. It is critical for the security team – as risk
management partners – to develop a keen understanding of
business goals and engage multiple departments and levels
of management. It will require developing or honing skills,
especially the ability to engage and influence stakeholders
from across the organization, in order to ensure that
information security has a seat at the table as the business
moves forward.
About the Security for Business
Innovation Council Initiative
The Security for Business Innovation Council (SBIC) is a group of top
security leaders from Global 1000 enterprises committed to advancing
information security worldwide by sharing their diverse professional
experiences and insights. The Council produces periodic reports exploring
information security’s central role in enabling business innovation.
13. Report Contributors
Security for Business Innovation Council
MARENE N. ALLISON, Worldwide Vice President of Information Security, Johnson & Johnson
ANISH BHIMANI, CISSP, Chief Information Risk Officer, JPMorgan Chase
WILLIAM BONI, CISM, CPP, CISA, Corporate Information Security Officer (CISO), VP, Enterprise Information Security, T-Mobile USA
ROLAND CLOUTIER, Vice President, Chief Security Officer, Automatic Data Processing, Inc.
DR. MARTIJN DEKKER, Senior Vice President, Chief Information Security Officer, ABN Amro
JERRY R. GEISLER III, GCFA, GCFE, GCIH, Office of the Chief Information Security Officer, Walmart Stores, Inc.
RENEE GUTTMANN, Chief Information Security Officer, The Coca-Cola Company
MALCOLM HARKINS, Vice President and Chief Information Security Officer, General Manager, Information Risk and Security, Intel
KENNETH HAERTLING, Vice President and Chief Security Officer, TELUS
PETRI KUIVALA, Chief Information Security Officer, Nokia
DAVE MARTIN, CISSP, Vice President and Chief Security Officer, EMC Corporation
TIM MCKNIGHT, CISSP, Executive Vice President, Enterprise Information Security and Risk, Fidelity Investments
FELIX MOHAN, Senior Vice President and Global Chief Information Security Officer, Airtel
ROBERT RODGER, Group Head of Infrastructure Security, HSBC Holdings plc.
RALPH SALOMON, CRISC, Vice President IT Security Risk Office, SAP AG
VISHAL SALVI, CISM, Chief Information Security Officer and Senior Vice President, HDFC Bank Limited
SIMON STRICKLAND, Global Head of Security, AstraZeneca
LEANNE TOLIVER, CISA, CISSP, Interim Chief Information Security Officer, Global Information Security, eBay
DENISE D. WOOD, Corporate Vice President, Information Security, Chief Information Security Officer, Chief IT Risk Officer, FedEx Corporation
To see SBIC members’ full bios, please visit emc.com.