CIOReview
Sign In

Subscribe to our Weekly Newsletter to get latest updates to your inbox
| | SEPTEMBER 20178CIOReviewBecause most information security executives work for companies where security isn't their product or service, security often is seen as a cost center and not a profit center. That's not to say these organizations don't see security as a high priority, especially in the financial services industry (e.g., banking, investment, and insurance) or in healthcare. However, since security doesn't generally generate profit, it's typically viewed as a support function that eats away at a company's bottom line. This applies to other necessary support functions that must minimize their impact on the company's expense ratio. Early in my engagement as CISO at People's United Bank, Executive Vice President Hank Mandel told me, "You don't have to have a great security program, but it must be good enough." That made me think of the quote from legendary football coach Vince Lombardi, who once said, "Perfection is not attainable, but if we chase perfection, we can catch excellence." He was absolutely right, but what defines excellence? This launched my quest: I will chase perfection know-ing that excellence is in the realm of possibility.At that time, we were generally more concerned with regu-latory compliance and reputation risk than the direct criminal threat. Criminal, hacktivist, and state-sponsored threats were not as prominent, at least in regional and community banks. Data breaches were most often unencrypted lost tapes or other physi-cal loss of media. Being good enough, per Mr. Mandel, or chas-ing perfection, as I call it, meant ensuring a known consistent state of compliance while taking appropriate and reasonable measures to protect clients. The challenge remains knowing what excellence is before finding out it wasn't good enough through an unfortunate situation. I have realized excellence is less a state than an on-going journey. To be excellent requires a solid security framework, an effective systemic control structure, con-tinuous intelligence flow, monitoring of your environ-ment and adjustments as changes occur. That which is excellent today for one company may not be next month or may never be good enough for another company. By Tim Callahan, Senior VP & Global CSO, AflacChasing Perfection to Find ExcellenceTim CallahanIN MY OPINION
< Page 7 | Page 9 >