APAC CIO Outlook
  • Home
  • CXO Insights
  • CIO Views
  • Vendors
  • News
  • Conferences
  • Whitepapers
  • Newsletter
  • Awards
Apac
  • Agile

    Artificial Intelligence

    Aviation

    Bi and Analytics

    Big Data

    Blockchain

    Cloud

    Cyber Security

    Digital Infrastructure

    Digital Marketing

    Digital Transformation

    Digital Twin

    Drone

    Internet of Things

    Low Code No Code

    Networking

    Remote Work

    Singapore Startups

    Smart City

    Software Testing

    Startup

  • E-Commerce

    Education

    FinTech

    Healthcare

    Manufacturing

    Retail

    Travel and Hospitality

  • Dell

    Microsoft

    Salesforce

    SAP

  • Cognitive

    Compliance

    Contact Center

    Corporate Finance

    Data Center

    Data Integration

    Digital Asset Management

    Gamification

    HR Technology

    IT Service Management

    Managed Services

    Procurement

    RegTech

    Travel Retail

Menu
    • Compliance
    • Software Testing
    • Procurement
    • Managed Services
    • Cyber Security
    • Gamification
    • Blockchain
    • CRM
    • E-Commerce
    • MORE
    #

    Apac CIO Outlook Weekly Brief

    ×

    Be first to read the latest tech news, Industry Leader's Insights, and CIO interviews of medium and large enterprises exclusively from Apac CIO Outlook

    Subscribe

    loading

    THANK YOU FOR SUBSCRIBING

    • Home
    • Compliance
    Editor's Pick (1 - 4 of 8)
    left
    Welcoming Big Data Technology amidst Changes

    Darren Cockrel, CIO, Coyote Logistics

    Leveraging Compliance to Your Advantage

    Mark Bloom, Global CIO, Aegon

    Demystifying the Role of IT in Millennial Organizations

    Jeff Fithian, VP, Strategic Initiatives and CIO, Dynamic Materials Corporation

    Lessons Learned from a CIO

    John Miller, Vice President and CIO, American Textile Company

    The Hard Case For Investing In Compliance

    Alexander Maclean, Global Head Of Regulatory Compliance / Chief Compliance Officer, Aegon [Ams: Agn]

    Compliance , Regulatory Affairs, Contract Management

    Charles Hammersla, Head Of Facilities Management – Nab, Cushman & Wakefield [Nyse: Cwk]

    Andreas Uremovic, Managing Director, Global Head Investment Portfolio Compliance, Allianz Global Investors [Fra: Alv]

    Andreas Uremovic, Managing Director, Global Head Investment Portfolio Compliance, Allianz Global Investors [Fra: Alv]

    Cyber Grc:Core Enabler Of Strategic Cybersecurity

    Jamie Sanderson, Director Of Cyber Governance, Risk, And Compliance, Aes

    right

    Productivity and Security- Can you ever have both?

    Julie Cullivan, SVP, Business Operations & CIO, Fireeye

    Tweet
    content-image

    Julie Cullivan, SVP, Business Operations & CIO, Fireeye

    Risk. It’s a four-letter word in more ways than one. Fear of risk makes us wait, put things on hold, and potentially cost us something: an opportunity, a competitive edge or an account.

    Sometimes it’s not only worth it to take a risk, it’s necessary. Businesses may need to change the way they do business, and that change may require a certain amount of risk.

    What many companies don’t believe is that it’s possible to do both—be productive and maintain security.

    Enterprise Risk Management

    The cyber security world is fraught with risk. And while we like to feel secure the fact is, breaches are inevitable. There is no question a security breach can happen to even the most prepared organisation, thanks to savvy, sophisticated threat actors. We develop a new way to protect ourselves and before it’s even in place, some hacker is ahead of the curve with a way to sneak past it. So if you can’t guarantee a breach won’t happen, the best you can hope for is to lessen your exposure to risk. Enterprise risk management is the best way to approach that.

    There are three fairly straightforward steps to managing risk:

    1. Measure

    2. Discuss

    3. Negotiate

    1. Measure: Your first task is to accurately measure your level of vulnerability. Just how much risk are you willing to accept? Zero risk is probably not an option for most of us. Just having a computer or a mobile device means there’s a potential for a breach. So first determine how risky it is, and then decide whether a new way of doing business is worth that risk. Say you’re considering whether to allow your employees to use a cloud application to store and share files. Is the need for them to share instantly more important than the risk of opening your network up to possible malware-infected documents?

    2. Discuss: It’s important to have buy-in from people across the company. A working team composed of cross-functional representation can do a lot of the legwork on the front end to assess the risk and how it will impact the company’s productivity. A decision to roll out a new HR system may impact finance, or may mean sales people on the road now need mobile access. This team can address the concerns and calculate the risk involved in implementing the new capabilities. Regular meetings are key here, because businesses, and their needs, change–but so does the threat landscape.

    A Security Breach Can Happen To Even The Most Prepared Organisation, Thanks To Savvy, Sophisticated Threat Actors

    Input from various stakeholders ensures you’ve thought of everything before taking an idea to the top-level decision makers.

    3. Negotiate: Consider creating an executive security steering committee. During regular meetings, this team should be updated on where the company currently is security-wise, and discuss security concerns that need to be addressed at the executive level. Sometimes you’re faced with a higher level of risk than you’re used to, and you may get push back from folks who are unwilling to take that leap of faith. If your working team has already discussed the pros and cons and concluded that it’s worth the risk, your executive team has the input they need from across the company to make an informed decision. This team should meet quarterly but may be needed in the meantime if a security need arises. Above all, it is key that this team understand that security is not simply an IT concern–it is an enterprise concern with company-wide implications.

    “The right combination of technology, intelligence and expertise can go a long way to protect your company’s network while keeping your company’s doors open for business”

    Lock the Doors

    While it may sound dramatic, an organisation needs to secure the perimeter before anything else. How secure are your firewalls? When is the last time you updated your anti-virus protection? Regardless of your answer, you probably aren’t doing enough to keep your company secure. Cyber attacks easily bypass traditional signature-based tools, which means you need a security platform that not only works to prevent a breach, but also detects possible attacks and helps you analyze and if necessary, responds.

    The Cloud and mobile devices are hot targets for hackers looking for a way in. The last thing you need is for an employee to potentially bring something into your environment by plugging in their mobile device into your secure network. The bad guys may already be targeting you from outside–don’t make their job easier by having one of your own inadvertently being the malware messenger. Does that mean you shouldn’t adopt a BYOD mentality? Not necessarily. Mobile access is the key to many business needs and can help your employees stay productive. It simply means you need to make sure you’re as protected as possible.

    And if your system gets compromised, you’ll need tools to respond and contain the breach and mitigate loss. These types of tools take time to implement, and your working committee and executive steering committee should discuss these as soon as possible to they’re prepared for the worst. The right combination of technology, intelligence, and expertise can go a long way to managing a compromised network and keeping your company’s doors open.

    Decisions

    Business needs change over time. When you’ve got to decide whether how to meet your changing needs, the decision ultimately comes down to a tradeoff between productivity and security. Things to keep in mind at this stage are the potential business impact, the impact on productivity, whether it will help drive the business or deliver service to a customer. These factors must be taken into account when determining whether to undertake a move that may carry additional risk.

    Other concerns: How important is this change to the company? Is it impeding the business’ operations to keep the status quo? Will this change open your company up to potential data leakage or privacy concerns?

    The bottom line is: you can have a balance between productivity and security. Keeping your company (and your customers) secure cannot mean total lockdown, because no one can do their work. Find a level of risk you’re comfortable with, take the necessary steps to protect yourself as best you can, and have a plan in place to contain a breach in the event it happens. And know that you’ve done everything you can to eliminate one four-letter word from your vocabulary, or at least, to tame it.

    tag

    Enterprise Risk Management

    HR

    Weekly Brief

    loading
    Top 10 Compliance Solutions Companies - 2022

    Featured Vendors

    MasterSAM

    Sanjeev Dhar, MD

    entity solutions

    Matthew Franceschini, CEO & Co-founder

    ON THE DECK

    Compliance 2022

    Top Vendors

    Compliance 2021

    Top Vendors

    Compliance 2020

    Top Vendors

    Compliance 2019

    Top Vendors

    Compliance 2018

    Top Vendors

    Compliance 2017

    Top Vendors

    Compliance 2016

    Top Vendors

    Previous Next

    I agree We use cookies on this website to enhance your user experience. By clicking any link on this page you are giving your consent for us to set cookies. More info

    Read Also

    Digitalization with the use of digital technologies/Improving business through digital technologies

    Digitalization with the use of digital technologies/Improving business through digital technologies

    Wilbertus Darmadi, CIO, Toyota Astra Motor
    How Marco's Pizza Leaned On Technology To Succeed Amid The Pandemic By Quickly Pivoting To Contact-Free Delivery And Curbside Carryout

    How Marco's Pizza Leaned On Technology To Succeed Amid The Pandemic By Quickly Pivoting To Contact-Free Delivery And Curbside Carryout

    Rick Stanbridge, VP & Chief Information Officer, Marco’s Pizza
    Bunnings  Diy Digital Transformation

    Bunnings Diy Digital Transformation

    Leah Balter, Chief Information Officer, Bunnings
    For a Smarter City: Trust the Data, Ignore the Hype

    For a Smarter City: Trust the Data, Ignore the Hype

    Brad Dunkle, Deputy CIO, City of Charlotte
    Smart Community Innovation for the Post Pandemic

    Smart Community Innovation for the Post Pandemic

    Harry Meier, Deputy Cio for Innovation, Department of Innovation and Technology, City of Mesa
    Artificial Intelligence Enriches Personalized Experiences

    Artificial Intelligence Enriches Personalized Experiences

    Josh Goode, Chief Information Officer, Scan Health Plan
    Investing In Data and Ai to Drive Our Success

    Investing In Data and Ai to Drive Our Success

    Françoise Russo, Chief Information Officer, Tabcorp
    Thai Union-Building a Sustainable Business with Digital Enablers

    Thai Union-Building a Sustainable Business with Digital Enablers

    Rajiv Kakar, Group CIO, Thai Union Group PCL.
    Loading...

    Copyright © 2023 APAC CIOoutlook. All rights reserved. Registration on or use of this site constitutes acceptance of our Terms of Use and Privacy and Anti Spam Policy 

    |  Sitemap |  Subscribe |   About us

    follow on linkedinfollow on twitter follow on rss
    This content is copyright protected

    However, if you would like to share the information in this article, you may use the link below:

    https://compliance.apacciooutlook.com/ciospeaks/productivity-and-security-can-you-ever-have-both-nwid-765.html?utm_source=google&utm_campaign=apacciooutlook_topslider