[ISN] 'Operation Aurora' Changing The Role Of The CISO

From: InfoSec News <alerts_at_private>
Date: Wed, 17 Mar 2010 00:19:36 -0600 (CST)

By Kelly Jackson Higgins
March 16, 2010 

The Operation Aurora attacks that hit Google, Adobe, Intel, and other 
U.S. companies was not only a wake-up call for businesses in denial 
about persistent targeted attacks and cyberespionage, but they also have 
forced the chief information security officer (CISO) to step out of the 
corporate confines and reach out to peers at other organizations.

Some CISOs, such as members of the Bay Area CSO Council -- whose members 
arguably were one of the worst-hit by Aurora -- had already been 
confidentially sharing various types of attack information among one 
another long before Aurora. Gary Terrell, president of the council and 
CISO at Adobe, says the CISO's job has mostly been about governance, 
risk, compliance, and some operational aspects. "It was sometimes 
associated with incident response. Now it's becoming more [associated] 
with incident response and will be into the future," he says, who was 
speaking on behalf of the council.

Terrell says the CISO's role is moving toward engagement: "In the past, 
the CISO had more of a technical role. Now the CISO has to understand 
legal and privacy issues and how to engage outside the company to gather 
intelligence, like with the Bay Area CSO Council," he says. "The CISO 
has to understand emerging markets if with an international company" and 
any associated threats in specific regions, he says.

The Bay Area CSO Council serves as a vehicle for CISOs to safely and 
securely share their attack experiences. When an advanced persistent 
threat (APT) attack occurs, many members are on the phone with one 
another three times a week rather than for just their regular monthly 
teleconferences. "[This is] just to get information flowing faster. They 
are putting together artifacts, and they are shared across [the 
members]," Terrell says. "They are able to collect a huge number of 
artifacts that helps them take this back into their detection and 
defense mechanisms," including intrusion prevention system (IPS) 
signatures, for example, he says.


Register now for HITBSecConf2010 - Dubai, the premier 
deep-knowledge network security event in the GCC, 
featuring keynote speakers John Viega and Matt Watchinski! 
Received on Tue Mar 16 2010 - 23:19:36 PDT

This archive was generated by hypermail 2.2.0 : Tue Mar 16 2010 - 23:27:13 PDT