CISO Forum Meet - January 2014

IDRBT organized the CISO Forum Meeting on January 30 and 31, 2014. Twenty-six CISOs from various banks participated in the Forum.

Starting the proceedings, Shri B. Sambamurthy, Director, IDRBT, stressed the need for collaboration amongst the banks to speed up the process of development. The key points of his opening remarks are given below:

  • Metrics are an important tool for measuring the status of Information Security and giving the Top Management assurance about it; metrics should therefore be aligned with Information Security for Compliance, Governance and Operational Risk.
  • CISOs need to extend their circle of influence to all corners of an organization, in all areas.
  • CISOs need enough expertise to exercise influence over their IT organization and to socialize security programmes.
  • Standing Committees need to be formed in important areas like Security Risk in Online Commerce, Cloud Computing and Mobile Security. He said that the CISOs could provide a handbook on Information Security that could be used by non-IT personnel.

The 2-day Forum included sessions on various topics such as Security Information Sharing, Leadership and Teamwork for Effective Collaboration, Insider Threat and Digital Forensics, Building Threat Intelligence and Guiding Banks on Security Incidents; demos of the Information Security Incident Tracker and the Technology Risk Assessment Model (TRAM); and an interaction with AP Cyber Police about the dangers of phishing, lack of security, lack of awareness and the latest trends in cyber crimes.

A group discussion was also held on the Srinagar Security Metrics Initiative, which was categorized into Enterprise Metrics, Data Metrics, Application Metrics and Platform Metrics. Finally, the CISO meet came up with various initiatives such as Mobile Device Management, Security Incident Tracker – UAT and Governance Model, Digital Forensics Framework, etc.