RSA President on the Case for a Risk-Based Security Model
Rohit Ghai Discusses a Business-Driven Approach
CISOs and other enterprise security practitioners are embracing the idea of a business-driven security model that takes a risk-oriented approach to help create "a safer world," says Rohit Ghai, president of RSA.
"In many organizations, the risk office and the security office are actually getting closer together organizationally," Ghai says in an interview with Information Security Media Group at the recent RSA India Summit.
"In board meetings ... what used to be a very subjective conversation in terms of are things good, bad or getting better or worse are now transforming into very risk-centric conversations, where they are taking a very business-driven view ... Cybersecurity conversations are becoming business conversations rather than technology conversations. ... Eighty-five percent of boards are at least every six months having a conversation about cybersecurity."
In the interview, he offers insights on:
- A sustainable model for information security practitioners to balance convenience versus security;
- Ways to quantify risks to demonstrate the business value of security;
- Essential steps required to prepare for cyberattacks, including collaboration between the security and IT departments.
As president of RSA, Ghai is responsible for all aspects of the business and accelerating growth by setting strategic direction and driving operational execution. He advises global customers on their digital and security transformation initiatives as well as data privacy, content management, information governance, digital risk and cybersecurity. Previously, Ghai served as president of Dell EMC's Enterprise Content Division. Before that, he worked at Symantec, where he held a variety of senior engineering and general management roles.