
Understanding Risks helps Prioritization and Focus


Elizabeth Hackenson, CIO & Senior Vice President of Global Business Services, AES
Maximizing cost efficiency for information security and ensuring that you have secured full internal buy-in
Information security is a broad challenge facing most businesses today and while given significant attention in recent years, it has intensified in the last 18 months. Threats span multiple industries and attacks have been more widely publicized. Senior management and corporate boards are now asking for routine updates and want to know about countermeasures being planned and implemented by organizations.
One of the most important first steps to address information security is to assess the risk to your business. Companies have varying degrees of risks and knowing what you need to protect is critical. Understanding your risks is a partnership between the CIO and/or CISO and business leaders. With your risk profiles defined, being cost effective comes down to prioritization and focus. I’ve found that this can be done successfully in three steps.
Pinpointing top vulnerabilities. Understanding the organization’s strategic objectives and its full risk profile gives the CIO and/or CISO perspective about what information is most critical to protect and where the vulnerabilities in the company’s information infrastructure are. With this laser view you can minimize your spending by selecting products and services that will net you the highest value-add.
Identify mitigation solutions. A combination of products, services and partners can be used to minimize vulnerabilities. It is the responsibility of the CIO and/or CISO to determine the solutions that will strengthen the company's security relative to the business-led prioritized vulnerabilities. As the number of information security companies has grown exponentially, it can be daunting to select among the available services. The way we have approached our selections is to leverage multiple contacts (from peer networks to government agencies) to benefit from their knowledge and experience. A company can save a lot of time and money by asking the people it can trust the most: its external peers. CIOs have an unstated bond; we are always willing to give each other advice, leveraging our own successes and failures.
Lock down risks. After a solution is selected, implementing it is just as important. Monitoring is critical too, since information security is a 24x7 job. For companies that cannot afford to add significant security resources, partnerships with information security companies are essential. While AES leverages such partnerships, we have also built strong relationships with governments and law enforcement agencies, who have helped guide us as well.
At AES foundation, IT experts are engaged from the network layer to the systems analysts and engineers who support our plant control systems. These experts communicate in a sophisticated technical language that is not always understood by non-technical people. While many of their efforts are critical, they alone cannot protect our ecosystem.
In closing, protecting information comes down to the decisions made and actions taken by people in your organization each and every day. The more people are educated, from your board to the front office, the better protected your information can be. Securing information is a 24x7 activity, and monitoring is one of the best defenses, as is continuous education.
