2 Cloud computing threats
One of the biggest challenges information security leaders face is effectively communicating the value of their team's efforts across the organization. This requires the ability to accurately report on their organization's state of security and to communicate the benefits of a proactive security effort in a language the rest of the organization can understand. This session will draw from the experience of seasoned CISOs with proven track records in enabling core business objectives by influencing key stakeholders in the organization. These risk and information security leaders will share their advice on how to effectively create and demonstrate security's value. The security function is often seen as doing security for its own sake, rather than for the benefit of the business, and so misses the point of security entirely, which is about managing risk to acceptable levels.
The security function all too often acts in a condescending manner, thinking it knows what is best for the business, when in fact it is just one of the various functions the organization relies on for business decisions. Business executives are far more interested in what is happening with information security than ever, thanks to a plethora of high-profile, very visible breaches and security incidents.
In recent years the level of attention paid to cybersecurity issues by organizations has skyrocketed. Cyber risk is now a board-level concern, and IT security budgets have risen accordingly. Despite the increased attention, it is not clear whether firms have become more sophisticated in how they manage cyber risks. Historically, most firms have made cybersecurity investment decisions by adhering to industry best practices, without necessarily developing a detailed understanding of their overall cyber risk first. Risk management is predicated on risk quantification, and many researchers have attempted to quantify cyber risks using quantitative metrics such as return on investment.