Securing the Data Lifecycle
GlaxoSmithKline's Williamson on Prioritization of Risk
The pharmaceutical sector across all geographies has always been rich in data, and the volume is only growing.
"The volume of data created over time through clinical studies, R&D activity, business groups and research partnerships is humongous; keeping track of the data and aligning it with business processes is a huge challenge," says London-based Steve Williamson, director of IT risk management at GlaxoSmithKline.
Against this data explosion, a data protection strategy becomes very important, one that covers the pharmaceutical value chain across its data lifecycle, including research, development, manufacturing and marketing.
According to Williamson, it is a challenge for CISOs to comply with laws and regulations to protect trade secrets and ensure product safety and supply-chain continuity.
Additionally, security leaders must prioritize the risks and have effective controls to identify important assets, assess threats, select security safeguards, and implement and monitor those safeguards.
"It is equally critical to prioritize controls based on the most likely threats. For this, awareness of the most likely attack patterns for your specific company will help prioritize controls," he says.
In this interview with Information Security Media Group at the GISEC event in Dubai, Williamson explains how a risk-based approach will ensure that the most valuable assets and data are protected against the most likely threats using the most effective controls. He also explains:
- The impact of the assessment matrix and collaboration;
- Methods of risk identification;
- Security management and remediation program.
Williamson is a business-focused IT leader with a track record of successfully delivering information security programs within a global pharmaceutical organization.
In a career spanning over 25 years, he has held positions including software engineer and project manager; his current position is director of quality, risk and compliance. He has gained strong expertise in information risk management, application security, data privacy, computer systems validation, controls development, and audit and assurance.