
PodChats for FutureCISO: CISO in the crosshairs of security and privacy

by Allan Tan
March 30, 2022

The CISO is responsible for the vision, strategy, and program to ensure the protection of information assets and technologies. As it relates to policies, vendor management, data breaches, and reporting to the board of directors, the CISO plays an integral and sometimes overlapping role with that of the Chief Privacy Officer (CPO) to protect the brand and reputation of an organization.

So what exactly is the CISO’s role and responsibility as it relates to the increasingly intertwined issues of security and privacy? Let’s add data protection to complicate the discussion for good measure.

For the uninitiated, data privacy may be misconstrued as the same as data security.

In 1976, Turn and Ware defined security as “the procedural and technical measures required to (a) prevent unauthorized access, modification, use, and dissemination of data stored or processed in a computer system, (b) prevent any deliberate denial of service, and (c) to protect the system in its entirety from physical harm.”

Privacy, on the other hand, is looser as its meaning depends on the context in which it is used. For Vincent Goh, senior vice president, APJ, CyberArk, privacy is concerned with what kind of information organisations process, store and transmit.

“For security, it's always about preventing unauthorised access via breaches or leaks. Privacy is concerned about what kind of information organisations process, store and transmit,” he added.

The ongoing struggles of CISOs

Speaking at both GDS’ European and US Security Digital Summits, Dr Claudia Natanson, chair of the Board of Trustees, UK Cyber Security Council, said “security is not treated as a business function, it’s treated as a technology function.”

And arguably this obsession with technology is distracting everyone from the reality that most information security breaches are caused by humans irrespective of intent.

Goh posits that a lot has changed for CISOs, particularly during the pandemic. He says CISOs need to think about infrastructure and identity, and need to keep themselves up to date with innovations in cloud, as-a-service adoption, DevOps and zero trust.

“The pandemic has accelerated the effects as companies are forced to work from home. CISOs are forced to deal with this remote workforce, and it has changed the traditional strategy which is focused on perimeter defence and protecting people within the company's network and boundaries. But now they need to think about extending the capability to using cloud services,” he continued.

Do not overstep responsibility

Asked how the CISO can perform his function without overstepping the bounds of responsibility, Goh skirts the response, saying privacy is about using information responsibly and keeping it private, while security is about keeping it safe. They are complementary, and it should be a collaboration, not a competition.

“The CPO's role is to dictate internal policies and programs and make sure data is compliant with local privacy laws. They also need to balance the costs of maintaining privacy versus a company's business objective. The CISO is focused on building and managing systems to protect the company's data,” he continued.

Separating privacy from security

Goh suggests being diligent about basic cyber hygiene habits. He adds that configuring the system properly is one of the biggest issues that people face, and that the key is to back up regularly.

He warns that customer privacy should come before profitability. “You either respect or lose it. Customers are demanding honesty and transparency from companies. They want to know that their data is handled responsibly,” he added.

Tips for 2022

Privacy continues to move up in the scale of importance to not just the CISO and CIO, but the rest of the C-suite and the Board. In the Cisco 2022 Data Privacy Benchmark Study, 94% are reporting one or more privacy-related metrics to the Board.

The most-reported metrics include Privacy Program Audit findings (34%), Personal Data Breaches (33%), and the results of Privacy Impact Assessments (32%).

As for his tips for CISOs to be effective in their role in 2022, the first thing Goh suggests is to have constructive paranoia.

“How you wake up thinking dictates the way you respond daily. It's important to always do defence in depth strategy when it comes to cybersecurity. Think like an attacker, conduct red team exercises to look at where the blind spots are,” he suggested.

Second, he suggested raising employees' awareness of cybersecurity. Third, companies should review their processes, strategy, and implementation to make sure that they are keeping up. Finally, accept that identity is the new perimeter.

“My suggestions are to use strong passwords and change them regularly, especially privileged credentials. Secondly, use multi-factor authentication, adopt the least privilege approach, and don't give privilege to users if you don't have to, and don't provide standing access,” he concluded.  

Click on the PodChat player to listen to Goh explain how the CISO can be effective in managing the forces pulling security and privacy in different directions.

  • The terms security and privacy are often used interchangeably. What’s the difference between data security and data privacy?
  • What are the various struggles faced by a CISO when it comes to ensuring data security and data privacy?
    • Has this changed with the pandemic?
  • Where the Chief Privacy Role exists, how does the CISO perform his role without overstepping the bounds of his/her responsibility?
  • Our topic is CISO at the crosshairs of security and privacy. What needs to happen from an infrastructure point of view?
  • Transparency and trust will be a key priority for consumers in 2022. How can businesses build and maintain trust effectively?
  • What are your tips for CISOs?