Most will agree that corporate databases are a rich source of confidential and private information. This data needs to be protected via methods that comply with corporate and government regulations. New data requirements demand technology changes, but will IT organizations have the budgets, skills, tools, and processes necessary to keep the information residing in these databases secure?
Recent ESG research illustrated that cyber supply chain security is extremely immature in most large organizations, an alarming fact given today's sophisticated threats and targeted attacks. Many CISOs claim that cyber supply chain security is relatively new and there are no best practice guidelines to follow. IBM's recently published Secure Engineering Framework Redguide may help bridge this knowledge gap. Outlining its internal best practices for software assurance and cyber supply chain security, IBM provides a set of valuable guidelines that CISOs can customize and emulate for their own needs.
Jon Oltsik is an ESG senior principal analyst and the founder of the firm’s information security service. With over 25 years of technology industry experience, Jon is widely recognized as an expert in all aspects of information security and is often called upon to help customers understand a CISO's perspective and strategies. Recently, Jon has been an active participant in cybersecurity issues, legislation, and technology within the U.S. federal government.
© 2015 by The Enterprise Strategy Group, 20 Asylum Street, Milford, MA 01757 508.482.0188