Are You Spending Too Much or Too Little on Security?

Canon Information Security Director Quentyn Taylor on Measuring How Much Is 'Enough'
Quentyn Taylor, director of information security, EMEA, Canon

How do you know whether your organization has invested enough money and time in security? As director of information security for Canon EMEA, Quentyn Taylor is often asked this question. "I'll be honest with you - just to set some expectations here, I don't have the correct answer," he admits.

Taylor recommends that you ask your senior stakeholders, "What do you expect?" and then add, "I can't stop everything." He says it is the security leader's responsibility to educate key stakeholders "who are signing off on all your money, and to say, 'I can't stop everything, and neither should I stop everything.'"

"If I stop everything and try and reduce risk down to zero, which is impossible, then I'm also going to throw away huge amounts of opportunity that you're just not going to be able to use to be able to realize revenue," Taylor says.

When it comes to securing the supply chain and working with partners, Taylor advises, "make sure that you apply an appropriate level of control" and are prepared to answer these questions: "What's the value of the assets we have down here? How much money do we spend with them? How quickly can we change away from them?"

In this video interview with Information Security Media Group, Taylor discusses:

  • How to gauge whether your organization has invested enough in security;
  • Why benchmarking against peers is not the answer;
  • Why the information security community must help organizations that are "below the InfoSec poverty line."

Taylor is director of information security for Europe, the Middle East and Africa at Canon, an imaging equipment and information systems provider. Before joining Canon, he worked in a variety of businesses, including internet service providers and startups.


About the Author

Anna Delaney

Director, ISMG Productions

An experienced broadcast journalist, Delaney conducts interviews with senior cybersecurity leaders around the world. Previously, she was editor-in-chief of the website for The European Information Security Summit, or TEISS. Earlier, she worked at Levant TV and Resonance FM and served as a researcher at the BBC and ITV in their documentary and factual TV departments.



