"A CSO’s role requires managerial skill, know-how on technology and process knowledge," says Murli Menon, Director & CSO, CSR (India, Poland & Romania) and CISO, APAC, Atos
Murli Menon, Director & CSO, CSR (India, Poland & Romania) and CISO, APAC, Atos talks to CSO Forum on Next Gen CSOs.
Excerpts from the interview:
How has the threat spectrum evolved in India and the world?
Today, the risk is anytime, anywhere, as in the case of mobile devices. From a threat perspective, mobile devices and gadgets that people use has brought in lot of gaps. Mostly, these type of threats are related to user behavior, as reflected in recent studies deeming it the topmost risk.
What are the challenges you face while training your team to tackle future threats?
It is important to look into the way an organization prepares itself with respect to the evolving threat. Many times we implement technology without knowing what the business requires. For example, when some vendor comes in, you review the product and straightawaytry and implement it. However, we need to ensure that the product is suitable for your business. From that point of view, a total review involving the business, security professionals, IT personnel and Proof of Concept (POC) needs to be done.
What skills should a next-gen CSO possess in order to be part of the company board?
Security is a tricky subject. Most of the senior level management may not understand it well. He/she needs possess the talent to fit into the role where he/she is able to correlate with 'what is happening' around and convey it to the top management. In this way, no panic is created and issue is resolved smoothly. Hence, a CSO’s role requires managerial skill, know-how on technology, and process knowledge.
What is on your agenda for the next three years?
My agenda for the next three years is to have good Governance, Risk and Compliance (GRC). Ideally, people say that auditing is a usual process but it is not. If a company remains complaint with rules and regulations and standards, then probably some kind of security assurance can be given to customers.