BEDFORD, MA. - December 08, 2009 -
RSA, The Security Division of EMC (NYSE: EMC), today released a new research report that explores the link between CEO priorities and information security strategy, examining how a divide between an organization's CEO and its security officer can detrimentally impact its risk profile and ultimate business success.
As the fifth report in RSA's Security for Business Innovation series, Bridging the CISO-CEO Divide takes an in-depth look at what it takes to garner CEO support for a strategic information security effort. Coupled with that advice are recommendations for what CISOs should not do, taking a candid look at some potentially job-losing ways to alienate your CEO. Perhaps most importantly, the report challenges CEOs to see how their lack of support for strategic information security could unintentionally put their companies at risk.
The report is based on in-depth conversations with the Security for Business Innovation Council, whose members are the top security executives at the world's largest organizations, as well as Michael Capellas, Chairman and CEO of First Data. (Listen to a podcast with Michael Capellas for his perspective on this report.)
"The importance of aligning security investments with the corporate agenda is now well understood," said Art Coviello, Executive Vice President, EMC Corporation and President, RSA, The Security Division of EMC. "Yet in spite of this progress, most security leaders are still struggling to convince their CEOs that security absolutely must be a core component of their business strategy. It's time to get this issue solved, and success will require both CEOs and CISOs to shift how they think, act and run their organizations."
Bridging the CISO-CEO Gap calls attention to the fact that many of the actions organizations are taking to survive in this economy – like using new technologies and global business models to drive efficiencies – are both innovative and risky. Never before have information security officers been in such a strong position to help their companies take the right risks in the right ways. But first, they must gain the confidence and support of their CEOs. CEOs must also recognize that their companies' success in recovering from the economic downturn and thriving in the longer term is dependent on their companies' ability to expertly manage the risks they are taking.
Key recommendations to help security professionals gain CEO support include:
"You have to be able to understand risk analysis as the premise," said Michael Capellas, Chairman and CEO of First Data. "That's where you start. This is about risk. The language of business is about risk. And if you sit in a CISO position and you can't meaningfully talk about measures of risk and layers of risk, you're probably not going to be successful."
The report also serves as a wake-up call for CEOs. It underscores the need for CEOs to understand how significantly their actions and attitudes will impact the effort to protect information at their companies. To this end, the Council points out some of the top ways the CEO can unwittingly put the company at risk when it comes to information security, including:
CISOs and CEOs can measure their progress in strategically aligning security and business via a private ten-question interactive tool.