"I now consider the one that has active threats to be higher risk," said Thompson.
Thompson believes that whether or not one's title explicitly includes the "R," every CSO takes what he calls a "risk-related perspective" today, out of necessity. Verisign CSO Danny McPherson agrees, saying his approach is "intelligence-driven security." What that means is McPherson considers the context in which Verisign of Reston, Va., operates. "We want to use our best resources to make sure our high-value assets are protected," he said.
McPherson and many others believe enterprise risk management should be a cross-functional phenomenon.
"You need to break down those information silos. It's about connecting the dots for the business. How does a new product, a new press release, a new competitor —how do these affect the company's threat level, and how do we get back to an acceptable level of risk?" he said. "Given the global nature of business today, it becomes harder and harder to wrap your arms around that. How do we invest intelligently? How do we protect ourselves and our customers in the most effective way? Risk management needs to go beyond just checking off boxes that are required by regulations. "
The only way you can protect the enterprise, McPherson believes, is by understanding the context and the landscape in which your business operates.
"If you can leverage that information and collect it and provide context, you will be more agile and adaptive as a result of that. And risk level goes down."
To Scotia Bank's Thompson, given the Internet and the explosion in digital information, information security touches every aspect of business today. And he is pleased to be helping his company to take abreast of the full range of information risks its faces today.
It will surprise few that CSOs who already have a strong connection to the business are already well positioned to embrace the CRO role described here. Thompson and McPherson are both in constant contact with their business counterparts and enjoy that aspect of their jobs.
"I like to be the jack of all trades," said McPherson. "I love getting a handle on the business context and contributing to the strategic direction. It is so critical to have those feedback loops, to sit down together and challenge each other's assumptions."
McPherson said he is lucky to have executive team support to do this.
"I couldn't do it without that."
Sign up for Computerworld eNewsletters.