Photo: Delegates attended the morning Executive Briefing organised by CIO Asia Magazine at Raffles Hotel in Singapore.
In an increasingly connected world, security breaches such as data leaks, Denial-of-Service attacks and social hacktivism are some of the challenges that organisations have to grapple with.
Experts from the new Security Systems unit in IBM explored the options that organisations have to protect themselves, and the changing role of senior security leaders.
Almost 50 CIOs and senior IT managers attended the morning Executive Briefing organised by CIO Asia Magazine at Raffles Hotel on 24 July, 2012. They were keen to stay apprised of the latest threat landscape, and to learn how to better protect their organisations.
Combating evolving threats
"The world is becoming more digitised and interconnected, opening the door to emerging threats and leaks," observed Chris Mallon, Sales Leader, Security Systems, IBM Worldwide.
Mallon related how IBM, like other companies, had always had domain level expertise in security -- incorporating security considerations in individual solution domains.
However, its acquisition of Q1 Labs has enabled a holistic approach that integrated the various domains, producing best of breed security solutions with real-time cross-silo capabilities.
"At the same time, IBM has set up the X-Force -- a special unit that focuses on security and response to new vulnerabilities and threats," Mallon said.
He divulged that the team was able to plug security holes in operating systems within single-digit hours, whenever a new vulnerability was discovered. This was much faster than the owners of the operating systems managed, as IBM had a vested interest in ensuring that its clients' systems were secured.
Enabling continuous compliance across the enterprise
Collin Penman, Business Unit Executive, Security Systems, IBM ASEAN, gave an overview of the Payment Card Industry (PCI) and the Data Security Standards (DSS) to be complied with. He described the IBM Security Framework for implementing PCI and illustrated how the PCI DSS requirements could be mapped to the products and services in the Framework.
"The PCI DSS is a set of comprehensive requirements for enhancing payment account data security. It is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures," explained Penman.
Penman guided the attendees through the six principles and 12 requirements specified in the PCI DSS, explaining in depth a few of the more pertinent issues -- out of 170 line items.
The requirements were applicable to all system components that were included in or connected to the cardholder data environment -- specifically the part of the network that processes cardholder data or sensitive authentication data. These included network components (firewalls, switches, routers, etc.), servers (Web, database, email, etc.) and applications, although network segmentation may reduce the scope of the cardholder data environment.