Risk Management: Taking a 'Surgical' ApproachAccenture's Kelly Bissell on Tailoring Security Methods for Vital Assets
CISOs need to precisely tailor their risk management strategies to protect the specific high-value assets of their organization; a broad-brushed approach will never work, says Atlanta-based C.Kelly Bissell, managing director and global lead, Accenture Security.
"Sometimes security people are great technology people but they may not understand how the business works," Bissell says in an interview with Information Security Media Group. "So the first thing they need to do is understand where are the crown jewels. Is it the point of sale? Sometimes it's client contracts. Sometimes it's pricing tables or marketing plans or mergers and aquisitions. They need to understand all their crown jewels that effect their business - what's important ... and then tailor the [security] solutions to protect [them] and detect bad things that occur."
That means avoiding what Bissell calls a "peanut butter approach" to security that involves spreading the same controls across all areas. "What they need to do is be more surgical," he stresses.
In this interview (see audio link below image), Bissell also discusses:
- The need to involve third-party partners in developing a comprehensive approach to risk management;
- New authentication methods to protect vital assets;
- Best practices for a breach response mechanism
Bissell oversees Accenture's end-to-end security capabilities across all industries. He has more than 25 years of security experience, and now specializes in incident response, identity management, privacy and data protection, secure software development and cyber risk management. Prior to Accenture, Kelly headed global cyber risk for Deloitte & Touche LLP, overseeing cyber teams across Europe, the Middle East and Africa. Previously, he held various leadership positions with Arthur Andersen, BellSouth (AT&T), Medaphis and McKesson.