| | February 20146CIOReviewTransforming Information SecurityMany security processes currently are lagging and are reflective of an old perimeter-based security strategy. These old security processes cannot scale and are inefficient when faced with the complexity of managing cybersecurity risks for the enterprise today. For security teams to keep pace with today's cyber threats and latest business and technology trends, it requires an overhaul of information security processes. The evolving threat landscape, regulatory pressures, changing business conditions and new technologies have driven dramatic changes in the roles and responsibilities of information security teams over the last 18 months. It is time organizations transform and keep themselves updated. Security leaders on the council observe that business groups are taking greater ownership of information assets and risk management. Information security must collaborate with business units to set up systems and processes so that identifying, evaluating, and tracking risks are more effective. As the leaders at the council track the developments going on in the security space, they hence summarize the key areas that need improvement as follows. Risk Measurement: Describing risks in technical terms such as "number of intrusions or vulnerabilities" makes it difficult to advise business leaders on how to manage cybersecurity risks. Business Engagement: The processes for tracking risks should be easy and efficient for the business to use, but are often based on cumbersome manual methods.Control Assessments: The health of security controls should be measured as a continuity of capabilities, as piece meal assessments are no longer sufficient to eliminate the risk of error. Third-party Risk Assess-ments: The current model of risk assessment is inefficient, repetitive and does not pro-vide ongoing visibility into the service provider's security con-trols.Threat Detection: An intelligence driven security approach is required but most security teams are still unsure about what data to collect and how to perform meaningful analysis.EMC Corporation (NYSE : EMC) offers data storage, information security, analytics and cloud computing enabling businesses to store, manage and protect data. Founded in 1979 and headquartered in Massachusetts, the company has a market cap of $50.66 Billion.Dave Martin, VP & Chief Security Officer, EMC CorporationDave MartinOpinion
< Page 5 | Page 7 >