A group of information security luminaries who call themselves the Security for Business Innovation Council has a new report that explores why “legacy methods of evaluating information security risk don’t work in today’s connected world,” and recommends a number of organizational paradigm shifts to align security with innovation. One of them could be read as a call for a title change for CISOs.
Entitled “Mastering the Risk/Reward Equation: Optimizing Information Risks to Maximize Business Innovation Rewards,” the report recommends changes in organizational thinking and behavior. Among them is moving the security team’s focus from information security to information risk management “to signal that the goal is to achieve an acceptable level of risk.”
The report and a companion survey by IDC Research on whether innovation and security are collaborative or combative are both sponsored by RSA, the security division of EMC. The self-anointed council consists of 10 Global 1000 security executives, including Dave Cullinane, CISO at eBay, Roland Cloutier, CISO at EMC, and Craig Shumard, CISO at Cigna. Of note, two of the execs on the panel already have morphed titles: Anish Bhimani is managing director, IT Risk Management at JP Morgan Chase, and Andreas Wuchner is Head of IT Risk Management, Security and Compliance at Novartis.