Panel of Global 1000 CISOs Share Advice for Implementing Strategic Security Programs, Gaining Stakeholder Support and Measuring Results
Newton, Mass. – November 19, 2015 – CyberArk (NASDAQ: CYBR), the company that protects organizations from cyber attacks that have made their way inside the network perimeter, today launched a new industry initiative and report to mine cyber security insight and peer-to-peer guidance from a panel of Chief Information Security Officers (CISOs) from Global 1000 enterprises. The CISO View industry initiative is based on independent research, sponsored by CyberArk.
The CISO View panel’s collective expertise in managing large enterprise security deployments is featured in a new report, “The Balancing Act: The CISO View on Improving Privileged Access Controls.” CISOs from ANZ, Carlson Wagonlit Travel, CIBC, CSX Corporation, ING Bank, Lockheed Martin, Manulife, McKesson, Monsanto Company, News UK, Rockwell Automation and Starbucks provide real-world advice for getting organizational buy-in, implementing sustainable privileged account security programs and measuring effectiveness of the controls.
Making Privileged Account Security an Organizational Priority
One of the goals of the CISO View industry initiative is to provide a forum for the CISO community to share best practices and tangible guidance for building effective cyber security programs.
In the report, the CISO panelists focus on concerns about the potential for compromised privileged credentials, which are the common denominator in nearly all cyber attacks. According to the report, the rise in awareness about advanced threats is prompting many organizations to proactively shore up privileged access controls in order to help mitigate risks.
“If you don’t have good practices in privileged account management, you’re making it very easy for adversaries to traverse your whole network,” said Jim Connelly, VP and CISO, Lockheed Martin. “If they (attackers) get a hold of an over-privileged account, they’ll run through the environment like a brushfire.”
Based on a soon-to-be-released global survey from CyberArk, privileged account security has become a top organizational priority. Survey respondents (primarily IT security professionals) ranked privileged account security second only to endpoint security as the priority for their security programs.
CISO Views – Business Value and Establishing the Right Metrics
Featuring practical first-hand guidance not available anywhere else, the report leverages panelists’ hard-won experiences. It describes what it takes to deploy comprehensive programs that improve privileged access controls at large enterprises, encompassing people, process and technology. The report offers peer advice in three key areas:
- The strategic decisions that CISOs and their teams will need to make, including how to prioritize based not only on risk but also on business opportunities
- The conversations CISOs need to drive across the organization, such as how to negotiate with and influence stakeholders
- The essential components of a successful program, including how to develop metrics to measure security and business results
The panelists describe specific ways to ensure that security and business objectives are aligned including:
- Establish Business Value: Determine the line between “sufficiently secure” and “overly restrictive”
- Focus on Metrics that Matter: Use metrics to steer course corrections, measure control efficiency, and assess the impact of controls on system availability and application performance
- Make Milestones Count: Set early goals in conjunction with business partners, define phases to minimize business disruption, and capitalize on initial successes by creating blueprints for repeatable processes
“We believe the CISO View is an important industry initiative to help organizations that are trying to make informed, pragmatic decisions as they work to improve privileged access controls,” said John Worrall, Chief Marketing Officer, CyberArk. “Peer advice can be an invaluable resource to CISOs as they work to get ahead of the ever-changing cyber threats facing their organizations. We are grateful to the members of the panel for helping the larger community address business-critical security issues.”
For more information about “The Balancing Act: The CISO View on Improving Privileged Access Controls,” visit https://www.cyberark.com/cisoview/. This report is part of the CISO View, an industry initiative sponsored by CyberArk. The report was developed by an independent research firm, Robinson Insight.
About the CISO View Panel
The CISO View panel participants are: Rob Bening, Chief Information Security Officer, ING Bank; David Bruyea, SVP and CISO, Enterprise Architecture and Information Security, CIBC; Jim Connelly, Vice President & Chief Information Security Officer, Lockheed Martin; Dave Estlick, Information Security Chief, Starbucks; Steve Glynn, Global Head of Information Security, ANZ; Mark Grant, Chief Information Security Officer, CSX Corporation; Gary Harbison, Chief Information Security Officer, Monsanto Company; Jim Motes, Vice President and Chief Information Security Officer, Rockwell Automation; Kathy Orner, Vice President & Chief Information Security Officer, Carlson Wagonlit Travel; John Schramm, Vice President Global Information Risk Management & CIRO, Manulife; Munawar Valiji, Head of Information Security, News UK; and Mike Wilson, Vice President & Chief Information Security Officer, McKesson.