Intelligent CIO Europe Issue 4 - Page 97

/////////////////////////////////////////////////// t cht lk USING DATA TO ENHANCE YOUR ENTERPRISE CYBER HYGIENE Maintaining control over data is vital for the protection of it and enterprises are becoming aware that they must step back and look at how they might solve cyber hygiene processes. Managing data as efficiently as possible is important for business development, something that Jim Doggett, US Vice President and CISO at Panaseer, which operates throughout Europe, discusses. I n the good ‘ol days of CISO, things were straightforward and it was pretty easy to do what it took to be successful. I would prepare a budget for the upcoming year from a list of essential and value-added projects, which my security and risk team supported. Then we would sell the budget request through the normal approach: fear, uncertainty and doubt. Quite simply, if anyone questioned our request we would state that if we don’t do the project, we might get hacked and we would fear losing our jobs. With the budget in hand, we would set off and get a lot done over the course of the year. Then, at year end, we would produce a PowerPoint with all the great things we accomplished. However, something then changed in my simple world. My Board of Directors and the C-suite began asking: “What is the ROI on each security investment,” and “How does each project reduce the risk to our organisation?” They then started asking for monthly updates on our progress to reduce those risks. This was the beginning of how I, as a CISO and IT Risk Officer, began to think about security in a very different way. I was “ I FIND IT VERY INTERESTING THAT THE VERY THING I COMPLAINED ABOUT MOST; NOT ENOUGH RESOURCES TO ADDRESS ALL THESE EMERGING SECURITY ISSUES, WAS UNDER MY OWN CONTROL ALL ALONG. INTELLIGENTCIO 97