Page 34, August 2014, INFOSECURITY MAGAZINE, Leadership Special

Georgie Kurien, Head - Information Security, UST Global, interviewed by InfoSecurity Magazine


‘Information Security Risk Management Should be Entrenched into the Organizational Culture’

Georgie Kurien, Head - Information Security, UST Global

Tell us in brief about your professional journey till date.
I have been with UST Global since 2006 and heading its Information Security function for the last two years. Prior to that, I worked with the Indian Space Research Organization as a scientist in Checkout & Simulation Systems, and was part of the team that developed mission-critical ground checkout systems for the Indian Space Programme. I started my career with KELTRON (Kerala State Electronics Development Corporation), as a network engineer. I am a B.Tech in Computer Science from University of Kerala. My professional certifications include CISA, CISM, CRISC, CSRM, BCCE & CEH and Lead Auditor Certifications in ISO 27001:2013, BS 25999:2006 and ISO 20000:2011. I am also a member of ISACA.

Why did you choose information security as a profession?
What started as an additional responsibility of IT operations, in the early 2000s the function gained a more independent identity as an Information Security department with focus on data security across all relevant operations. By the late 2000s, it transformed into a distinct CISO and boardroom function with Governance, Risk, and Compliance and Data Security in its portfolio. It is an exciting experience to drive a function which is a business enabler, adds value to the business and facilitates in building trusted relationships with customers and partners.

According to you, what are the big challenges CISOs are facing today?
I see challenges for CISOs on three major fronts: identifying business value of an information asset is an important parameter in data security management; defining real-time and business-oriented security policies is complex as one needs to keep pace with emerging technologies, diversifying business domains, expanding geographies and ever-increasing data varieties; and last but not the least, integrating and correlating event patterns from various data environments within the enterprise and in logically connected partner systems need more sophisticated and logical technology backing.

Do you believe in ‘information security outsourcing’, and if so, to what extent?
The CISO function is just an enabler who ensures that everybody on their part understands and executes this function as appropriate to their job role. However, there are a few functions outlined below which can be outsourced while ensuring appropriate management controls are in place. For example, certain functions may need specialist audits which require functional knowledge on specific regulations, standards or business domains; infosec audit firms with proven expertise in the domain can be utilized well to do risk based assessments; or external partners with creative skills can support information security training.

How do you define the thin line difference between data privacy and data security?
Data privacy is the end, and data security is the means to it. Often used interchangeably, these terms have a symbiotic relationship. While data security focuses on three attributes of data - confidentiality, integrity and availability, data privacy ensures appropriate use of data by focusing on prevention of unauthorized exposure of data. From a regulatory standpoint, violation of data privacy regulations poses severe damage.

What will be your suggestions to information security vendors providing solutions to reach your expectations and satisfaction?
Security offerings should be packaged as an integrated solution rather than a product. It should consider the people, culture, technology and specific business scenario of the organization. More the accessibility to technology, more the elements of people and culture to it, that needs to be tackled intelligently.