Marking Your Security Controls to Threats to Expand DefensesReliance Industries' Dube on Adjusting Controls to Support Growth and New Tech
For years, the banking industry has operated under the concept of "mark to market," adapting the valuation of an asset to the market price. In cybersecurity, organizations should mark security controls to threats that are out in the market, says Durga Prasad Dube, executive vice president at Reliance Industries.
"In information security, the controls must always be marked to the threat. If you are not changing the control, your tools will become obsolete. I call this 'mark to threat,'" Dube says. "You cannot have a lock and always think that lock will work because you always have to see whether somebody will break that lock. If you have an eye on those things, then your lock will become very resilient."
In a video interview with Information Security Media Group at ISMG's Dynamic CISO Excellence Awards and Conference, Dube discusses:
- How the concept of "mark to threat" needs to be deployed;
- Implementation challenges;
- A security road map for the year ahead.
Before joining Reliance Industries Ltd., Dube was executive director and global head of a risk management practice for Paladion Networks. He has more than two decades of experience in risk management and information assurance.