Compass Awards

Fleury: Shoring Up Internal Defenses

CSO Compass Award winner Lynda Fleury, CISO with insurance company Unum, thinks companies should look inward to strengthen information security's weakest link

By Joan Goodchild, Senior Editor

March 24, 2009CSO

Things have changed quite a bit since the early days of Lynda Fleury's career. She remembers when the IBM 8086 running MS-DOS was hot technology. Fleury, who has almost three decades of experience in infosec, was recently named a Compass Award winner by CSO. The CISO with Tennessee-based insurance company Unum sat down with Senior Editor Joan Goodchild to discuss her thoughts on the challenges facing information security today.

CSO: How do you make the case for security as a business driver in these tough economic times?
Lynda Fleury: It's a challenge. Especially where the company is going through some economic challenges and wants to keep our budget flat. We strive to secure our initiatives with the business. Everything we are doing in 2009 is in alignment with our critical success factors. Two of those are extended availability along with quality.

There are some things we are looking at this year that we have put off in past years, such as event correlation. We are looking to invest in event correlation to streamline internal processes and reduce the need for a headcount increase. The goal is to make things a little more effective and efficient.

We are also looking at data loss protection as a way to align with our business strategy around protecting information that has been entrusted to us by our customers. One of the key things customers are always asking about is data loss prevention.

Obviously there is a list of things I would like beyond that. If my CTO or CIO came to me and said 'You've got five million dollars to spend this year,' I would know exactly what I want to spend it on. But being a good corporate citizen means realizing that everybody is facing challenges right now. I dont want to ride the coattails of risk anymore and Sarbanes-Oxley. I'm seeking to do things that are meaningful to the quality of our program around information security and protecting out critical assets.

Is DLP the big priority now for security?
I think it is. There are a couple of factors. There seems to be a slowdown in the swirl around acquisition of boutique products. So you have some of the big players investing in that technology to round out their total security suite of tools. I think the other thing is it is becoming a liability not to have DLP. And for us, it's more around how do you measure compliance with your existing policies and procedures around data protection and information privacy.

Linda Fleury

RESOURCE CENTER
Loading...
VIRTUAL CONFERENCE
Security Directions: A Virtual Conference

Security Directions Available On Demand Sept. 30 - Dec. 30

Join us for a virtual event with candid, expert information on top security challenges and issues - all from the comfort of your desktop.

» Register Now

WEBCAST
Protecting PII: How to Work with IT to Manage Risk

Compuware Understand the critical nature of the test data privacy problem and get tips on how to work with IT to implement a test data privacy program.

» View this Webcast

Featured Sponsors