Virtualization and Cloud executives share their predictions for 2016. Read them in this 8th Annual VMblog.com series exclusive.
Contributed by Ron Kuriscak, Director of Information Security in the Office of the CISO at Optiv
Leaders, Liability and Litigation
- Software security / product liability will increase significantly: With the proliferation of computing devices (of all types) now running automobiles, medical devices and the majority of our lives, organizations can no longer go to market without being held legally liable. Organizations that go to market with insecure products will see a significant increase in litigation.
- Non-proliferation of CISOs: Organizations have been slow to adopt a true security leader at the C-suite level. Many organizations have tried to demonstrate how seriously they take IS Security, but have positioned these leadership positions at the director level. How can a security leader be an equal and debate security issues as a peer if they are positioned at a lower leadership level? How can an organization demonstrate its due diligence and due care responsibility with information security and position its security leadership at subordinate levels?
- Organizations will be litigated in greater numbers in relation to gross negligence: Organizations will no longer be litigated at the time of a breach; they will be litigated on what they did six months prior to the breach. Organizations need to show that they are taking information security seriously, and dispel any gross negligence concerns. Organizations need to address information security immediately; they can't delay, or they will enhance their legal liability.
- Security leaders need to be leaders: Security leaders need to be the security leaders of their organization and be able to present, be the figurehead, and sell security to all levels of the organization. Many organizations have ineffective and weak IS Security leaders, adding to their program's ineffectiveness / struggles.
##
About the Author
Ron Kuriscak, Director of Information Security in the Office of the CISO at Optiv, a security service provider

Kuriscak is an accomplished chief security and chief information security officer with proven excellence leading enterprise security programs. Prior to Optiv, he was senior manager, Security Advisory Services at EY, and for nearly four years he served as chief security officer at financial services firm ECMC. He also served as lead security analyst for the State of Minnesota; security analyst at Donaldson, the nation's largest and consistently growing filtration manufacturers; and as adjunct instructor at ITT Educational Services, Inc.