Page 61 - Cyber Warnings







Managing Risk

It’s not possible to eradicate all potential risk; it is just a part of life. Where there is profit to be
made or leverage to be gained, organizations and their customers will come under fire and, as a
result, there will always be attacks and attempts at data breaches. This is especially true in
cybersecurity, given the low cost of generating a breach, the difficulty in locating and
prosecuting hackers and the lucrative reward of a successful breach to cybercriminals.

However, managing risk is certainly possible. This has always been a key function of the Board
– assess risk and make appropriate tradeoffs to manage it, considering the impact across the
organization. Security is no different and, in conjunction with the CISO and the rest of the
C-Suite, the Board must consider security versus many other factors, including cost, performance,
agility, autonomy and empowerment, strategic initiatives, projects and planning, and
go-to-market.


Rising to the Challenge

It is also important to note that policy and information governance are two of the most critical
areas for consideration. These are areas where the Board and senior leadership can really
make a substantial contribution to an organization’s security. The technical details can be
worked out by a well-funded, savvy, empowered IT department, and HR and other line-of-business
staff can address specific elements of policy and procedure. However, high-level
decisions on policy and approach to information security need to come from the offices of
C-level executives.

In a world of professional cybercrime syndicates, nation-state hackers and hacktivists, everyone
finds themselves on one side or the other when it comes to cybersecurity. Thinking about data
safety in terms of long-term stewardship will give the cyber stewards a leg up and help their
organizations to respond swiftly with a well-conceived strategy when a breach occurs.



About the author:

Drew Del Matto brings over 20 years of financial management experience and expertise in the
network security market. Prior to joining Fortinet, Drew held a variety of senior management
roles at Symantec including acting chief financial officer, as well as senior vice president and
chief accounting officer. Drew also served as Symantec’s corporate treasurer and vice president
of finance business operations, responsible for all treasury functions, various aspects of
mergers & acquisitions, pricing and licensing, financial planning and analysis, and revenue
operations. Prior to Symantec, Drew held senior finance leadership roles with Inktomi
Corporation and SGI Corporation. He began his career as a CPA in public accounting with
KPMG LLP.


61 Cyber Warnings E-Magazine October 2016 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
