How the role of traditional CISO changes with the increase in Application related attacks?


By VARINDIA - 2018-10-30
With the ever-increasing number of cyber attacks and a rapidly changing threat landscape, the role of the CISO has become more critical to business operations and sustenance. CISOs face constant challenges in deciding which tools and infrastructure security solutions to procure to secure their IT assets. They have built layers of defensive security solutions, but in spite of all these measures they often face malicious hackers who find security vulnerabilities in their applications and threaten them with a ransom demand.

CISOs are often not ready for these kinds of challenges and do not know how to handle such hackers. Business reputation and continuity can be at huge stake in this situation. The enterprise needs a roadmap for developing and improving its security maturity level. Security should be treated as a philosophy and a culture within the organization, and people, process and technology should be aligned to achieve that.

Enterprise Strategy Group has crafted a Cyber-security Maturity Model that uses a scoring system to divide enterprises into three distinct segments in terms of their cyber-security skills, resources and technologies: Basic, Progressing and Advanced organizations. It provides analysis by focusing on four areas: cyber-security philosophy, people, process and technologies.

CISOs can use this model as a guideline to assess their current security posture, plan a future roadmap and overcome the shortcomings faced by other enterprises.

To improve the security posture of their applications, a CISO can take a few initiatives. The first is creating a coordinated vulnerability disclosure policy. The second is adopting a bug bounty program for continuous security testing of applications.

For a vulnerability disclosure policy, organizations can follow ISO/IEC 29147:2014, which provides guidelines for the disclosure of potential vulnerabilities in products and online services. A vulnerability disclosure policy acts as the first point of communication for external security researchers to reach an organization's security team and report security vulnerabilities they have discovered in the organization's internet-facing digital assets. It also defines the scope, rules of engagement and disclosure terms, which set clear guidelines and expectations for security researchers.

Bug bounty programs are an effective means to incentivize security researchers to discover critical vulnerabilities in both internal and public-facing applications. The enterprise can set a reward or bounty scheme for each researcher who provides the first unique, valid vulnerability submission. Bug bounty as an application security strategy has already been successfully adopted by leading organizations such as Google, Facebook, Uber and Dropbox, which reached the logical conclusion that embracing a crowd of allies creates a level playing field against the crowd of adversaries.
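The two mechanisms above, a disclosure policy that defines scope and a bounty scheme that rewards only the first unique valid submission, can be expressed as simple triage logic. The following is an added illustration, not code from the article or from any bug-bounty platform; it assumes scope is given as hostname glob patterns and that a finding is fingerprinted by host, vulnerability class and location, with sample submissions constructed inline.

```python
import fnmatch
from dataclasses import dataclass, field


@dataclass
class DisclosurePolicy:
    """Scope section of a vulnerability disclosure policy: glob patterns of
    internet-facing hosts researchers may test, plus explicit exclusions
    (an assumed representation; real policies are written in prose)."""
    in_scope: list
    out_of_scope: list = field(default_factory=list)

    def covers(self, host: str) -> bool:
        host = host.lower()
        # Exclusions win over inclusions, so corp.example.com stays out even
        # though *.example.com is in scope.
        if any(fnmatch.fnmatch(host, p) for p in self.out_of_scope):
            return False
        return any(fnmatch.fnmatch(host, p) for p in self.in_scope)


@dataclass
class Triage:
    """Records rewarded findings so only the first unique, valid, in-scope
    report of a given issue is paid; later reports are duplicates."""
    policy: DisclosurePolicy
    rewarded: dict = field(default_factory=dict)  # fingerprint -> researcher

    def submit(self, researcher, host, vuln_class, location, valid):
        if not self.policy.covers(host):
            return "out_of_scope"
        if not valid:
            return "invalid"
        # Fingerprint is case-insensitive so "XSS" and "xss" collide.
        key = (host.lower(), vuln_class.lower(), location.lower())
        if key in self.rewarded:
            return "duplicate"
        self.rewarded[key] = researcher
        return "rewarded"


def demo():
    # Constructed sample policy and submissions for illustration only.
    policy = DisclosurePolicy(in_scope=["*.example.com"],
                              out_of_scope=["corp.example.com"])
    t = Triage(policy)
    return [
        t.submit("alice", "shop.example.com", "XSS", "/search?q=", True),
        t.submit("bob", "shop.example.com", "xss", "/search?q=", True),
        t.submit("carol", "corp.example.com", "SQLi", "/login", True),
        t.submit("dave", "api.example.com", "IDOR", "/orders/{id}", False),
    ]
```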

The fundamental principle of testing is "the more eyes on the application, the more vulnerabilities can be found". An enterprise's websites and applications are used by many users and hold critical data. Using an army of crowdsourced security researchers brings a diverse skill set and many test scenarios for identifying critical vulnerabilities. The key to staying ahead of malicious hackers is to discover and fix these vulnerabilities as early as possible, before malicious hackers can find them. This can be achieved by employing a large number of crowdsourced security researchers.

Aligning Security with the Organization's Business Goals

The key concern of CISOs is how to align security with the organization's business goals. It is essential to identify critical business applications and IT infrastructure and map them to business objectives. These critical business applications need continuous security penetration testing to identify security vulnerabilities and fix them early on. Bug bounty platforms like SafeHats help enterprises create a vulnerability disclosure policy for their public-facing digital assets and provide a platform for external security researchers to report any security issues they find while using the enterprise's digital assets. This also helps streamline the security incident management process, as the platform manages communication and coordination between external researchers and the internal security team. CISOs must adopt a proactive approach to identifying vulnerabilities and stay ahead in securing their business assets.

Sandip Panda
CEO & Co-founder, InstaSafe
