What are CSO's thinking about? Top information security initiatives for 2008 and beyond …
Anand Singh - Target Corporation
Jan 30, 2008Size: 484.6MB
Download: MP4 Video
Watch in your Browser Watch on YouTube
Abstract2006 and 2007 were seminal years which saw emergence of several information security threats and significant data breaches. The media focus on various incidents have made consumers much more aware of information security and hence, any significant security breach results in a significant loss of brand image.
As a result, corporate boards are demanding more information security controls as a part of their risk management oversight. This has forced a rethink among the C-suite executives and has increased the importance of information security in their eyes. The CSO's are seeing an elevation in prestige and importance and are becoming empowered to contribute to the organizational strategy by defining information security as a part of organizational governance and risk management framework.
The objectives of this talk are two fold. First, the focus will be on practical aspects of information security in most organizations. I will describe how Information Security is becoming a more central function and how the organizational roles and responsibilities are transforming as a result. Second, I will talk about the top information security initiatives for 2008 and what is driving those including examples and explanations of what transpired in several security breaches. Some of those initiatives are governance, wireless security, hardening of network infrastructure and data loss prevention. Throughout this talk, where applicable, I will also identify information security challenges that have not proven tractable in the hope that it will help inspire research ideas.
About the SpeakerAnand Singh is a manager of Information Security at Target Corporation and is responsible for providing security consulting services to the company. His team has security oversight of Target infrastructure and applications and ensures that their development and implementation is consistent with Target Security Standards and is compliant with government and industry regulations. Anand keeps a close watch on emerging threats, security trends and retail industry trends and provides senior technology leadership in the domain.
Prior to joining Target, Anand was with USBank where he had executive responsibilities for disaster recovery & incident management, performance engineering, enterprise architecture and test automation. Anand extensively dealt with security issues in financial industry while working on SinglePoint initiative, a web-based banking solution for organizations that combines payment services, monitoring, imaging and fraud prevention. Anand has also worked at Parametric Technology Corporation, a leading solution provider in Product Data Management (PDM) space as a Principle Engineer and at Silicon Graphics/Cray Research as a Super Computer designer.
Anand has extensive domain knowledge of retail, finance and manufacturing. He has established multiple offshore development centers and is very conversant with benefits and challenges associated with that. Because of his extensive management as well as technology background, Anand is not only able to define long term organizational strategy and vision, he is also able to advance it through tactical goals. Anand has an M.S. in Computer Science from Purdue University and B.Tech. from Institute of Technology, India with major in Computer Science and minor in Computer Engineering.
The views, opinions and assumptions expressed in these videos are those of the presenter and do not necessarily reflect the official policy or position of CERIAS or Purdue University. All content included in these videos, are the property of Purdue University, the presenter and/or the presenter’s organization, and protected by U.S. and international copyright laws. The collection, arrangement and assembly of all content in these videos and on the hosting website exclusive property of Purdue University. You may not copy, reproduce, distribute, publish, display, perform, modify, create derivative works, transmit, or in any other way exploit any part of copyrighted material without permission from CERIAS, Purdue University.