Frank Vibar, Head for IT Infrastructure, Information Security and Business Continuity of Jollibee Foods Corporation.
The evolving and growing complexity of cybersecurity in the digital transformation (DX) era is driving the need for a Digital Risk Officer (DRO) in organisations, said Frank Vibar, Head for IT Infrastructure, Information Security and Business Continuity of Jollibee Foods Corporation. He was speaking at the Computerworld Philippines Security Summit in Manila last Tuesday (25 April 2017).
Vibar explained that DROs should focus on understanding the impact of security on the business, communicating it to top management, and helping them understand the importance of investing in security.
As such, besides knowledge of the business, Vibar noted that a DRO must also have a "background in security because he/she needs to champion security within the whole organisation. When we say security, it is not just physical security or just IT security, but the whole security including risk, and privacy."
He added that DROs will manage Chief Information Security Officers (CISOs) and other security and risk management roles covering physical security, business continuity, audit, and privacy.
Developing a security strategy for digital transformation
In his presentation, Vibar also advised businesses to create a compelling vision of trust and resilience goals when developing a security and risk strategy for their digital transformation.
In addition, they must expand the traditional objectives of confidentiality, integrity, and individuality to include safety. "Digital attacks with physical impacts are no longer a novelty... IT security must also now deal with safety risks," noted Vibar.
He added that businesses must embrace the six key principles of resilience, which will guide them in strategising and making daily decisions. These are: protecting business outcomes, empowering users, being able to detect and respond to security threats, addressing the needs of the people, controlling data, and doing risk-based compliance.
Lastly, Vibar said the strategy must involve developing and maintaining an adaptive, context-aware security architecture that will allow organisations to effectively respond to continuous changes in the business, technology, and security.