Intelligent CISO – Gemalto CTO on the CISO’s priorities for 2019

intelligent-cisoJason Hart, CTO, Data Protection at Gemalto, outlines what CISOs should be prioritising as we move into 2019.

There is no doubt that 2018 has been a memorable year for cybersecurity professionals and the industry as a whole. From overseeing the implementation of the General Data Protection Regulation (GDPR), to the record-breaking number of data breaches, CISOs have had increasing pressures on their shoulders. And, as technologies like Artificial Intelligence (AI) gain more prominence and emerging technologies such as quantum computing are pursued even further, 2019 looks like it could be another hard year for the industry.

Read the full article here.

The Indian Express – Guidelines for chief information security officers

indianexpressIn its guidelines for govt CISOs, IT ministry highlights 8 best practices.

With an aim to spread awareness about the growing cyber threats to the chief information security officers (CISO) posted in every department of the government, the Ministry of Electronics and Information Technology has issued best practices guidelines to ensure a safe and secure cyber environment when it comes to data stored by the government.

“In the event that the confidentiality, or privacy, of the data is breached, an organisation must have controls, such as encryption, key management and user access management, in place to ensure that integrity of the data isn’t tampered with and it can still be trusted. Regardless of any concerns around manipulation, these controls would protect the data in situ and render it useless the moment it’s stolen,” Jason Hart, vice president and chief technology officer for data protection at Gemalto.

To read the full article click here.

IDG Connect – Does the CISO role need to be formalised?

idg_logoJason Hart, CTO of Gemalto, is on a mission. He wants to formalise the role of CISO. “If I want to be a CFO I need various qualifications,” he explains over the phone. “If I want to be a CISO that isn’t the case.” He believes the role of CISO should be formalised – like an accountant – with mandatory regulations and training. “This doesn’t need to be complicated,” he stresses. “The simpler it is the better.”

The position of CISO is a difficult one though. The business importance of this individual has changed rapidly over the last few years and some see the position as a classic short-term fall guy – ready to be fired with the first breach. Hart says to do the job well you need someone geeky, good with people and good with business processes. “The dynamics of a CEO, if you like.”

“I was an ethical hacker,” he adds “and every successful breach came down to understanding the business process and understanding the level of risk.” He believes this means that while being technically savvy is a useful skill for CISOs to have, the most important thing is to understand business processes. “If you come from a non-technical background [you might be better at] engaging the board members.”

It is the fluidity that comes with the role, however, that many individuals see as a challenge to regulation. Ian Platt, Co-founder and President of Bromium tells me, when I meet him in London, that he thinks “as an industry we’re too early for this”.

“A lot of policy is wrong,” he says “offering the example that 95% of contracts [specifically state you must run anti-virus on every machine.”

To read the full article click here.