Changing Landscape of IT Security. How should a CISO prepare for the battle?

We have developed the myth that technology can be an effective fortress – We can have security.

Traditional focus on:

  • Better Firewalls
  • Boundary Intrusion Detection
  • Critical Offsite Capacity
  • Compliance Certification


  • IT staff = security staff
  • Compliance failure is the main source of risk
  • Being compliant = being safe


The Internet is fundamentally open:


  • We don’t know what’s on our own nets
  • What’s on our nets is bad, and existing practices aren’t finding everything
  • Threat is in the “interior”
  • Threat is faster than the response
  • “Boundaries” are irrelevant
  • We don’t know what is on our partner’s nets nor on the points of intersection
  • Compromises occur despite defenses
  • Depending on the motivation behind any particular threat, it can be a nuisance, costly or mission threatening

(Read more:  Top 5 things a CISO should evaluate to benchmark an IAM solution)

What Can We Do?

Network MUST be:

  • Defensible
  • Hostile
  • Fertile

 Another Approach - Awareness

  • Not Really an Either / Or Scenario
  • The APT History shows an Initial Entry Vector to the Network Through Spear Phishing.
  • It’s MUCH easier to gain entry through tricking an employee to click on a link than finesse your way through a firewall.

 Good awareness program for enlightening your staff to the dangers of Spear Phishing

(Read more:  Bring out the "Thought Leader in You" ! Become our guest author)


  • With Security assurance, I am not intending to make the system "HACKER PROOF", but surely device a mechanism which can, to a large extent
  • It is all about the ability to EXPECT THE EXPECTED before we are ready to EXPECT THE UNEXPECTED.
  • Advanced Persistent Threats Can be Defeated

You can predict the future based on the past. The enemy can't change all his techniques, and once you've learned about your adversary, you can deal better with the oncoming waves of attacks.

As attacks have migrated from targeting systems via exploits to targeting people, security breaches are growing in number and sophistication. Therefore, it is no longer acceptable to rely exclusively on preventative measures . . .

New Technology Gadgets are also under Threat

Many users of the Mac OS X platform still view it as absolutely safe, primarily because Apple has assured them for many years that the system is more secure than PCs. However, recent analysis has challenged that assertion. There are significant numbers of Mac users. Botnet (as Trojan-Downloader.OSX.Flashfake) to have attracted the attention of experts in Q1 was the zombie network built of Mac OS X computers. In March 2012, Flashback infected about 7,00,000 computers across the globe.

CISO Team needs to wear different shoes, meaning wear the shoes of his/her customer and participate in building requirements then (s)he may be able to deliver better shoe

-By Sharat Airani

More:  Want to share your insights? Click here to write an article at CISO Platform

Views: 773

Join the Discussion ...

You need to be a member of CISO Platform to join the discussion!

Join CISO Platform

Comment by Sharat AIRANI on February 17, 2013 at 7:43pm

Thanks Bikash. Yes, I agree about Application level too. Now with mobility in place (mostly) apps are available on different devices. It is also one of the biggest concern and it may run into different aspect..!!

Comment by bikash on February 17, 2013 at 3:50pm

Sharat, very nicely written article. Btw, what's your thoughts on application level threats? 

Comment by Sharat AIRANI on February 14, 2013 at 8:58pm

Personally, I think CISO should keep this on the RADAR. Educating will help.

Comment by Harry duke on February 13, 2013 at 8:40pm

Hi Sharat,

Truely the IT Security landscape is changing very fast and it is difficult to keep pace with it.I absolutely agree on "It’s MUCH easier to gain entry through tricking an employee to click on a link than finesse your way through a firewall." So educating your staff is very essential,but do you think a CISO should take this more seriously and allocate budget for such education?


Security Trends and Emerging Technologies That A CISO Should Adopt In 2021

Started by Priyanka Aash Mar 3. 0 Replies

What are the challenges you as a CISO have been facing since the last year and share some security trends that are catching up? Help the community by sharing your knowledge and personal views on this subject. Or if you have any specific questions…Continue

CISO as an enabler

Started by Maheshkumar Vagadiya Jul 30, 2020. 0 Replies

Share the instances where you were able to convince the Executive management /board that CISO function is enabler rather then a hindrance.Thanks youMaheshContinue

Has Anyone Evaluated Digital Signature (like Docusign)?

Started by CISO Platform. Last reply by Yogesh Nov 19, 2020. 2 Replies

(question posted on behalf of a CISO member)Has anyone evaluated digital signature (like Docusign), any specific risk/ security areas to be looked into while finalising a vendor? Any and all inputs will be very much appreciated.Continue

What are your strategies for using Zoom in your organization after recent vulnerabilities in news about Zoom platform?

Started by CISO Platform. Last reply by ANAND SHRIMALI May 20, 2020. 4 Replies

(question posted on behalf of a CISO member)What are your strategies for using Zoom in your organization after recent vulnerabilities in news about Zoom platform?Related Question: …Continue

Follow us

Contact Us


Mobile: +91 99002 62585

InfoSec Media Private Limited,First Floor,# 48,Dr DV Gundappa Road, Basavanagudi,Bangalore,Karnataka - 560004

© 2021   Created by CISO Platform.   Powered by

Badges  |  Report an Issue  |  Privacy Policy  |  Terms of Service

/* */