Editor’s Note: For Continuous Monitoring Best Practices, see FISMA Focus here.
From: InfoSecurity Magazine
The ability to continuously monitor big data across financial, operational and IT domains has emerged as a critical security and regulatory requirement for global corporations and government agencies. However, no comprehensive industry alliance has been in place to encourage the development of independent best practices.
The Agiliance Security Risk Management (SRM) Advisory Council aims to change that, bringing together a range of security-minded organizations and US government agencies to encourage new thinking with respect to IT security and risk management.
It’s clear that as technology and smarter devices accelerate the digital processes by which corporations communicate internally and with each other, the opportunities for security breaches are escalating. Today, the average loss in brand value for a company that experiences a data breach can be anywhere from $184 million to more than $330 million, according to PricewaterhouseCoopers. But the firm predicts that the risk of a breach occurring will continue to increase because companies are maintaining ever-greater amounts of digitized personal data on customers and employees. Even more concerning, the policies put in place are often outdated or, worse, not properly followed.
“In our experience, every company has security controls and privacy policies, and often quite good ones,” PwC noted in a recent report. “But in many instances these processes and policies are not being followed and new threats are often overlooked.”
Further, PwC noted that companies that are good at managing information security risks typically assign responsibility for their security regimes at the highest levels of the organization – the C-suite. However, execs are not as involved as they should be. PwC’s data show that only 39% of US executives actually reviewed their security policies annually – down from 52% in 2009. A lack of updated policies is a gift-wrapped present for the nimble, rapidly evolving hacker community.
To help evolve thinking and approaches around security, Agiliance has signed on a range of members, including the Bank of New York (BNY) Mellon, CIT Group, DnB NOR, Fannie Mae, Fiserv, Qualcomm, State Street Bank, various US Federal government agencies and key members of the intelligence community to form a non-vendor-specific incubator for security-related ideas and to accelerate collaboration among public and private sector organizations hit hard by cyber risks.
The charter advisory council members for the group are Robert Bigman (former CIA CISO), Oliver Eckel (CEO at Cognosec), Pravin Kothari (founder and CEO of CipherCloud), and Ken Tyminski (former CISO at Prudential Financial).
“Bob, Oliver, Pravin, and Ken are distinguished members in the information security community with the ability to foster innovation across a variety of industry sectors,” said Joe Fantuzzi, president and CEO at Agiliance, in a statement announcing the group. “Their expertise and industry contacts will help drive collaborative, multi-sector initiatives focused on making big data risk management pragmatic.”