Bob Blakley, global head of information security innovation at Citigroup
"I want to save my wishes for things which are truly out of my control; most things aren't worth wasting a wish on because we can just do work and accomplish them. But we have to have the people to do the work. And the most important thing that's out of my control is how many security people exist in the workforce. So here's my wish: I wish for enough skillful security professionals to meet not just my program's hiring needs, but every program's hiring needs. Why the generosity? Because as we're learning from recent breaches, a successful attack on one organization can also hurt other organizations."
Jason Taule, CSO, FEI Systems
"Pause button. I'd like to trade in my 'easy button' for a 'pause button.' Having supportive leadership and ample technology budget might seem like the be-all end-all, but it's only the beginning. Change is not constant as many believe. Yes, it is ever-present, but its rate is actually increasing. I'd like a pause button to keep industry drivers and technology stable long enough to get things implemented. And generating a meaningful return on investment would be a bonus."
"A magical balancing scale. Success demands striking the exact right balance between security controls and the needs of the business. Too strict and we hinder operations and results. Too slack and we yield too much to our adversaries. This magic scale would always indicate the exact right balance without undue impact or the need for constant tuning."
"Uniform standards. As the adage goes, the beautiful thing about standards is that there are so many from which to choose. Unfortunately, as a governance standard to guide investments in security, privacy and risk management, 'reasonable and appropriate' is neither reasonable nor appropriate. Legislators and rule makers mistakenly believed they were helping by not dictating terms [and allowing] us instead to each decide for ourselves what is proper. However, until we set a minimum complement, on a per-industry basis of course, allowing everyone to do their own thing puts us all at risk, especially given how interconnected and interdependent we've become. Singling out individual organizations for fines and penalties for failures may make affected customers feel better. But I humbly suggest we might all be better served knowing that our competitors and partners alike all had to incur the expense of meeting the same set of basic requirements."