• Home
    •  > EMC India
    •  > Press Releases

    Bookmark and Share
    20 January 2012

    Leading Chief Security Officers Outline Roadmap to Combat Advanced Threats

    RSA Sponsored CISO Panel Highlights Intelligence-Driven Security
    as Strategic Game Changer in Battling Cyber Foes
    Bangalore, India — January 20, 2012 —RSA, The Security Division of EMC (NYSE:EMC), released new insights from a group of the world’s leading chief security officers, designed to help corporations and governments dramatically improve visibility into advanced threats ranging from industrial espionage and disruption of business and financial operations to sabotage of corporate infrastructure.
    The research report is the ninth in a series from the Security for Business Innovation Council (SBIC), and provides both business and technology executives with specific recommendations on how to develop an intelligence-driven approach to counter advanced threats.  Based on the real-world experiences of 17 top global information security leaders, the report provides a playbook for enterprise security executives who wish to leverage the universe of intelligence data available to help detect, predict and mitigate cyber attacks.
    “The day-to-day use of cyber risk intelligence is no longer just for government agencies – it’s a required competency for corporate survival,” said Art Coviello, Executive Chairman of RSA.  “The tempo and serious nature of recent attacks calls for urgent and bold countermeasures that position organizations not only to detect advanced threats, but also to predict how attacks may occur so they can take steps to help mitigate risk and impact. Combating advanced threats requires a new security mindset and vastly improved practices for gathering, sharing and acting on cyber risk intelligence.”
    Intelligence-Driven Security: a New Defense Doctrine for Advanced Threats

    The SBIC is a group of top security leaders from Global 1000 enterprises convened by RSA to discuss top-of-mind security concerns and opportunities.  In the group’s latest report, “Getting Ahead of Advanced Threats: Achieving Intelligence-Driven Information Security,” the Council advocates for a new defense doctrine for combating advanced threats.  Called “intelligence-driven information security,” this collaborative, big data approach includes:
    • The consistent collection of reliable and actionable cyber-risk data from a range of government, industry, commercial, and internal sources to gain a more complete understanding of risks and potential exposures.
    • Ongoing research on prospective cyber adversaries to develop knowledge of attack motivations, favored techniques and known activities.
    • The growth of new skills within the information security team focused on the production of intelligence.
    • A process for efficient analysis, fusion, and management of cyber-risk data from multiple sources to develop actionable intelligence.
    • Full visibility into actual conditions within IT environments, including insight that can identify normal versus abnormal system and end user behavior.
    • Informed risk decisions and defensive strategies based on comprehensive knowledge of the threats and the organization’s own security posture.
    • Best practices to share useful threat information such as attack indicators with other organizations.
    “It can be hard to digest having to develop a multi-year plan to learn who your adversaries are and how they’re going to steal from you,” said Tim McKnight, Vice President and Chief Information Security Officer, Northrop Grumman.  “Quarter-by-quarter, you may not see any losses.  It could be years until you see the losses – when all of a sudden, out of the blue, a company in another part of the world becomes the leader in your space, having subsidized itself with your R&D investments.”
    The Council’s new report lays out a six-step roadmap to achieving intelligence-driven information security:
    Step 1: Start with the Basics
    Inventory strategic assets, strengthen incident-response processes and perform comprehensive risk assessments.

    Step 2. Make the Case
    Communicate the benefits of an intelligence-driven security program to executive management and key stakeholders.  Identifying “quick wins” to prove value out of the gate is essential for gaining broad organizational support, including funding.

    Step 3. Find the Right People
    Look for professionals who can blend technical security acumen with analytical thinking and relationship-building skills.

    Step 4. Build Sources
    Determine what data from external or internal sources would help detect, predict or lessen the chances for a targeted attack; evaluate sources on an ongoing basis.

    Step 5: Define a Process
    Codify a standardized methodology to produce actionable intelligence, ensure an appropriate and timely response and develop attack countermeasures.

    Step 6: Implement Automation
    Find opportunities to automate the analysis and management of large volumes of data from multiple sources.
    PDF copies of “Getting Ahead of Advanced Threats: Achieving Intelligence-driven Information Security,” areavailable for download from the Security for Business Innovation Council website at
    About the Security for Business Innovation Council
    The Security for Business Innovation Council is a group of Global 1000 security executives committed to advancing information security worldwide by sharing their diverse professional experiences and insights. 
    Council members contributing to this report include:
    ·         Marene N. Allison, Worldwide Vice President of Information Security, Johnson & Johnson
    ·         Anish Bhimani, Chief Information Risk Officer, JPMorgan Chase
    ·         William Boni, Vice President and Chief Information Security Officer, Corporate Information Security, T-Mobile USA
    ·         Roland Cloutier, Vice President, Chief Security Officer, Automatic Data Processing, Inc.
    ·         Dave Cullinane, Chief Information Security Officer and Vice President, Global Fraud, Risk & Security, eBay
    ·         Dr. Martijn Dekker, Senior Vice President, Chief Information Security Officer, ABN Amro
    ·         Professor Paul Dorey, Founder and Director, CSO Confidential and Former Chief Information Security Officer, BP
    ·         Renee Guttmann, Chief Information Security Officer, The Coca-Cola Company
    ·         David Kent, Vice President, Global Risk and Business Resources, Genzyme
    ·         Petri Kuivala, Chief Information Security Officer, Nokia
    ·         Dave Martin, Chief Security Officer, EMC Corporation
    ·         Timothy McKnight, Vice President and Chief Information Security Officer, Northrop Grumman
    ·         Felix Mohan, Senior Vice President and Chief Information Security Officer, Airtel
    ·         Robert Rodger, Group Head of Infrastructure Security, HSBC Holdings Plc.
    ·         Ralph Salomon, Vice President, IT Security & Risk Office, Global IT, SAP AG
    ·         Vishal Salvi, Chief Information Security Officer and Senior Vice President, HDFC Bank Limited
    This report also includes expertise from guest contributor William Pelgrin, President & CEO, Center for Internet Security; Chair, Multi-State Information Sharing and Analysis Center (MS-ISAC); and Chair, National Council of ISACs (NCI).
    About RSA

    RSA, The Security Division of EMC, is the premier provider of security, risk and compliance management solutions for business acceleration. RSA helps the world’s leading organizations solve their most complex and sensitive security challenges. These challenges include managing organizational risk, safeguarding mobile access and collaboration, proving compliance and securing virtual and cloud environments.
    Combining business-critical controls in identity assurance, encryption & key management, SIEM, Data Loss Prevention, Continuous Network Monitoring, and Fraud Protection with industry leading eGRC capabilities and robust consulting services, RSA brings visibility and trust to millions of user identities, the transactions that they perform and the data that is generated. For more information, please visit and
    About EMC
    EMC Corporation (NYSE: EMC) is the world’s leading developer and provider of information infrastructure technology and solutions that enable organizations of all sizes to transform the way they compete and create value from their information.  Information about EMC’s products and services can be found at
    # # #
    RSA and EMC are either registered trademarks or trademarks of EMC Corporation in the United States and/or other countries.  All other company and product names may be trademarks of their respective owners.



    Debjani Gupta
    RSA, The Security Divison of EMC
    +91 9821243750
    Nishtha Sharma
    Six Degrees PR Consultants
    +91 9819326284


    Bookmark and Share
    Related Assets

    Other articles in Press Releases:
    • EMC Provides the Foundation for Tulip Telecom’s On-Demand Cloud Storage and Backup Services in India at an Unprecedented Scale
    • Jaguar Land Rover Selects EMC Isilon to Drive its Simulation Operations
    • EMC Documentum ECM Named Market Leader by Industry Leading Analyst Firm
    • RSA Estimates Worldwide Losses At $520 million in H1 2011 From Phishing Attacks
    • Search

      Search for:

    • Featured Video

      HP IPG Press Meet in Delhi- Ajay Gupta, VP R&D, HP IPG

      Ajay Gupta, Vice President, HP IPG Group R &D Hub demonstrates ePrint capabilities and talks about cloud innovation being done at HP together with Vyomesh Joshi.
    • Featured Image


    • Twitter Updates

        follow CloudNewsIndia on Twitter »

      You must be logged in to view this item.

      This area is reserved for members of the news media. If you qualify, please update your user profile and check the box marked "Check here to register as an accredited member of the news media". Please include any notes in the "Supporting information for media credentials" box. We will notify you of your status via e-mail in one business day.