Edward Lim, Senior Director, RSA, suggested, "Every country and every sector is grappling with this issue about threat intelligence. In Israel, they built an energy security operations centre (SOC) for the power and utilities sector. Like all industries, energy sector CIOs are constantly scrutinising their logs at the individual organisation level but with the sectorial SOC, they can analyse if there are overlaps in their processes. So the intent is to examine how can they streamline and optimise their processes in the sector and share intelligence so that the whole sector can benefit and be alerted to an attack or breach."
He notes, "Intelligence always needs a business context and business context requires a domain requirement. Even in the broadest sectors such as financial services, the risk profile of a stock exchange is different from a bank or from an insurance company. You need a higher level of expertise in that domain or have to outsource it to external experts. This is where risk management and security intelligence come together to protect corporate assets."
Prioritising Security at the Boardroom
Most CIOs agreed that cyber security was now at the forefront of boardroom agendas. In recent years, attitudes had changed and many in senior management viewed security risk management as critical, and are investing heavily in infrastructure to manage their security and business risks. Oon Jin Gee, Head, Infocomm and Organisation Excellence, SMRT, believes this change of heart is due to a better understanding of what he describes as 'business confidential not military confidential'. He states, "Not everything in a commercial organisation must be certified top secret. There are entirely different risk priorities for different assets. If you spend the time to examine what you have, you quickly realise the difference."
Sign up for CIO Asia eNewsletters.