When it comes to security, I always stress one point. Security is not only about doing one's job or meeting compliance; it is about creating a holistic security mindset.
Ensuring security means being conscious and alert all the time about the information that resides in the organisation and coming up with strategies for protecting it from any kind of leakage or theft.
Needless to say, a CIO has to have a very thorough understanding of the organisation's security policies. He needs to know the compliance requirements like the back of his hand. He needs to educate his team and the end-users of his company about the various security risks. Most of the time employees do not realise that they are exposing their company to security vulnerabilities; creating awareness is key here. The CIO should engage with the CEO and other senior functionaries in framing security policies and should also keep them updated with regular status reports. IT security is a matter of organisational concern, and it is apt to have management involvement.
A best practice that should be followed is classifying all company data. This means sifting through the organisation's information and classifying it on the basis of function and importance. This way there is a proper demarcation of information, and it becomes easier to know what is confidential and what can be made public.
CIOs need to put an end-to-end security practice in place. This should entail security of information that resides in an organisation, security of mobile devices, security of information in the cloud, if any, and physical security of information assets.
But while at it, we should also keep in mind the convenience of the users. You can have a high level of security, but if it causes inconvenience to users then you can be sure that its purpose is lost: rather than ensuring compliance, it will lead users to work around the controls, and so to a breach of security.
Furthermore, it is imperative that all security measures undertaken are monitored at regular intervals. Many times security personnel say that they have done their duty by putting various security measures in place. However, the job does not end there. Security is an ongoing process, and every CISO should be on top of all security measures at all times. He needs to keep abreast of the latest threats and ensure that newer and upgraded security tools are in place.