Fairview Health Systems Chief Information Security Officer (CISO) Barry Caplin described the importance of security and risk management in today's organizations during his presentation at the 2014 CISO Leadership Forum in Chicago on Nov. 19. In his presentation, "#%! My CISO Says," Caplin noted that securing an organization's sensitive information is rarely simple, but that there are numerous ways an organization can protect its data against myriad threats.
According to Caplin, security and risk management are organization-wide concerns. And if an organization can focus on the benefits of security and risk management, Caplin said, it can find ways to prevent data breaches: "This is our problem. We know the enemy and [it is] us. We are causing this problem. Well, not those of you in this room because we’re working together here, but our peers are causing part of this problem. Security is viewed as a negative."
Security and risk management controls are essential because they can help an organization stop data breaches both now and in the future, Caplin said. However, to succeed in today's global marketplace, each organization must find controls that meet its needs, he said. While some controls may work better than others depending on the organization, Caplin noted that an organization that is committed to security and risk management can find controls that work well: "What we really need are sensible controls. All controls are not created equal. All organizations are not created equal. What works in my environment based on regulatory requirements may or may not work in yours."