BIRMINGHAM – There is no task more difficult for a CISO than stepping into that role at a large organization that has never had a CISO and has recently experienced a devastating breach that is at least partly responsible for the departure of senior IT management and the CEO.
Securitycurrent polled its contributors to compile advice for Brad Maiorino, newly appointed as the first CISO at Target. They offered the following:
"The security concerns at a retailer are dramatically different than at a manufacturer such as General Motors or General Electric. Every organization has a base level of security requirements that includes endpoint hygiene, user access control, and compliance. What sets retail apart from a manufacturer is the different community of threat actors. So my advice is change your mindset from defending against industrial espionage, a long-term threat, to defending against cyber criminals who have only one goal: infiltrate your transaction process at any level to steal customer data." Analyst Richard Stiennon




