A need is emerging for a more sophisticated system of security that can prevent many financial disasters for companies and customers. This has become necessary because technology keeps growing and malicious elements have become better at using it to further their nefarious purposes. Financial institutions also stand a good chance of being the target of the future cyber terrorist. Because of all these changes, the role of the security director known as the CISO -- Chief Information Security Officer -- has become very specialized and has grown well beyond the rudimentary service it began with, namely basic IT security administration. It now encompasses addressing every threat and managing risk, especially in financial organizations that have large customer bases, ATMs and online banking. It was formerly a necessary peripheral service that included just maintenance of firewalls, upgrading antivirus, cleaning spyware off infected laptops and so on. These duties have not been taken away, but the CSOs are being pushed to become decision makers in designing the program and defining acceptable risks, which makes the CISO a business enabler and a part of the decision-making management. (Brenner, The New CISO: How the role has changed in 5 years)
Security today means protection of assets and of the person or system, which ensures business continuity. In financial institutions such as banks, for example, continuity and the ability to manage disasters and effect quick recovery are now part of the work along with information security, which is more than machine security -- all of which fall within the ambit of the CISO. There has been a great change in the way institutions look at security, which now means ensuring information safety and recovery along with the conventional security measures. The modern officer needs to be aware of analytics -- predictive analytics and strategy implementation. Though the information security technology and services are upgraded on a smaller frequency in all financial institutions, the management is still not happy about data protection. One problem is that companies, while building a hard exterior, have failed to ensure that the stored information is secure. Information is dynamic, and the rules of perimeter-based security are no longer applicable. (Hoffman; Tyminski, From Financial Services CISO to Chief Information Management Office: Tackling 360 Degrees of Enterprise Protection)
Complexity of the Issues:
Information security will be a growing need and will rise in importance in the future. Data security is often confused with information security, although it is a critical part of security. Today the need for protecting data has become vital because the data refers to client and customer information. Malicious persons can use data to swindle the client or organization, causing financial disasters. In view of this, the government has legislated that the protection of data is not only a need for the company but is also mandatory -- for example, the Data Protection Act 1998. The security officer is liable as of now, and in future the liability for guarding stored information about individuals will increase, especially because the Acts and their provisions make the company directors personally liable for the accuracy of their databases. Thus, individuals may sue for misuse of personal information or for failure to protect data, and such charges could result in trial and imprisonment. (Pain, 22)
Therefore, the roles of the security officers are going to be augmented in the future with more responsibilities and the power to intervene. This is critical because the responsibility is more to the whole society than to the institution. As such, they become liable for security lapses and can be arraigned in courts. This burden thus places greater importance on the security officers. The present scenario has seen the development of many methods to keep data safe. Although the issue of database security is addressed on the premises, there is a further need to address recovery and backup for legal and other operational reasons. Disasters can happen anywhere. In fact, prior to September 11, disaster recovery plans did not include terrorist acts or war. (Stephens, 33)
It is against these, and also against three types of possible disasters, that the CISO is expected to find solutions. The first is physical destruction of infrastructure, which could be caused at any centre by a natural disaster like a cyclone, or a man-made disaster like fire (electrical or otherwise), surges, lightning etc. The physical destruction could also be a result of terrorism or other types of acts. The second is damage to the storage medium because of system malfunctions, viruses, problems with the electronic media, corruption of data and other similar threats. The third could be hacking or an external threat caused by a malicious agent.
The role of the security personnel is greater today because a breach of confidential information results in a lot of backlash and serious issues: primarily, the customer loses confidence, and bad media publicity often accompanies it. This results in both a bad reputation and prosecution. Thus, the legal and financial implications are too great for the role of security systems and personnel to be neglected. (Hoffman; Tyminski, From Financial Services CISO to Chief Information Management Office: Tackling 360 Degrees of Enterprise Protection)
The disasters that could arise from malicious action can be avoided by using security and by updating the virus scan procedures. This type of activity is prevention. However, some disasters will occur and are out of control. In events like fire, for example, insurance of the data is necessary; it can save a lot of costs and provide for damages that may ensue. These measures are preventive but do not directly help in recreating the data. For that, there is only one way: continuously store data as backup in a place that is unlikely to be subject to a direct disaster.
The importance of the role of security officers has been enhanced in the past decades. The information security officer meets new challenges every day, and CISOs must be up to date in information management technology. Infrastructure and data must be protected simultaneously, and the tasks would take "consolidation, classification, backup, recovery and archiving" all into account. (Hoffman; Tyminski, From Financial Services CISO to Chief Information Management Office: Tackling 360 Degrees of Enterprise Protection)
Today security also means protecting the customer and the customer identity. Officers will have to see that the internet banking guidance and the procedures related to consumer identity protection and other issues are being complied with not only by the system, but also by other officers and entities of the institutions. This makes their role more that of enforcers. The security officer will not only be concerned with the above issue but must also be an expert in many financial usages, including the way the financial institution ought to protect and keep private customer data, partner information and intellectual property, and how the protection must be ensured for the entire information life cycle. (Hoffman; Tyminski, From Financial Services CISO to Chief Information Management Office: Tackling 360 Degrees of Enterprise Protection)
Information can be carried or 'stolen' from the perimeter using mobile gadgets like PDAs, laptops and other mobile devices. These can be used to remove data from the system's interior, making perimeter defenses useless. So if a laptop fell into the wrong hands, how can the information be protected? (Hoffman; Tyminski, From Financial Services CISO to Chief Information Management Office: Tackling 360 Degrees of Enterprise Protection)
Unsolved challenges like this attract the best brains into becoming security officers. The role will be…