Corporate Information Security

28 June 2019

Kartause Ittigen, Switzerland - Hosted by SDA Bocconi

As digital technologies develop and their use in all aspects of business grows, it has become clear that information technology is not just about gaining efficiency, removing cost, or speeding up internal processes. The powerful digital technology developments of the last few years are affecting how enterprises compete externally—being close to your customer is ever more important, and if you’re in a B2B business, getting closer to the end-consumer is too. More and more data, both structured and unstructured, is flowing and is the lifeblood of many businesses. Technology is enabling platform ecosystems, new service delivery models and opportunities through connected products, and facilitating new partnerships to deliver services in conjunction with 3rd-parties via APIs and apps...and it seems the number of tech vendors we engage is increasing daily.

CISOs are asked to lead the charge to ensure all information is stored and exchanged in a secure way, critical information is protected, risk is minimized or mitigated, and creativity and innovation are unhindered...all in a threat environment of increasingly powerful and varied actors, and increased vulnerabilities due to the digital and partnered nature of our business activities. On this day we will each share some of the background, organizational structure and most important security issues of our enterprises, and discuss together some of the key, overarching themes around enterprise information security including reporting structure, governance and relationships, supply chain and vendor security management, and information risk management. Some of the questions we will seek to address are:

• What is your core business—and what are the implications of your business model for information security?
  
  
• Where is your enterprise on the digital transformation journey? What are the critical initiatives/objectives and what do they mean for security?
  
  
• What matters most in information security in your company and context? What are the critical pieces you are protecting?
  
  
• Where does your information security organization sit in the company? To whom do you and your organization report?
  
  
• What is the key challenge you faced and how did it manifest itself?
• How did you seek to address this challenge?
  
  
• What control(s) or tool(s) did you choose to use?
  
  
• What worked well, or not, and why? What were the lessons learned?
  
  
• What is the role of risk management within good information security? Is risk management formalized and what is the value it offers?
  
  
• What are the components of proper information risk management?
  
  
• When is a risk management discussion triggered? What is the baseline?
  
  
• Who owns risk in your company?