EC-Council Encourages CISOs to Adopt a New Risk Management Process to Prevent Information Security Breaches


The damage created by the highly publicized security breaches in 2011 has many Chief Information Security Officers (CISOs) seeking alternative ways to create strategies to manage risk. A new risk management process called Business Wargaming will help the CISO forecast future scenarios and build better proactive and reactive strategies.


EC-Council released a new white paper that introduced Business Wargaming, an alternative method to conventional CISO practices. Traditional CISO business strategies focus solely on known risk factors and often fail to consider the evolving and complex risk landscape. Business Wargaming prepares the CISO for external threats and unknown risk factors. It equips them with the knowledge necessary to properly establish IT security incident handling processes.

The author of the white paper, Nitin Kumar, global executive and managing consultant, said, “The advent of game changers like mobile apps, social media, cloud computing and the like have breathed new meaning into the risk landscape. The traditional way of developing an IT Risk strategy, understanding risk, managing, mitigating and monitoring, becomes very difficult. The ever-growing lists of new regulations and compliance needs are like never before adding complexity to the environment.” To read the white paper, please visit:

The need for sound strategic information security (IS) processes has never been greater. The sharp increase in security breaches in 2011 has raised a red flag for businesses regarding their current IS procedures. Last year a security breach cost Sony over $180 million. At that time Sony did not have a CISO in place to lead an effective information security risk strategy.

According to a recent survey by Ponemon Institute, the cost of the average information security breach has steadily risen throughout the last 5 years. Today, an average data breach will cost an organization over $7 million.

"You need a CISO today to manage not only the IT risks, but understand and influence the business risks that are imposed on the company by the decisions and strategies it takes," said John South, CISO at Heartland Payment Systems, in a recent article by BankInfoSecurity.

To learn more about Business Wargaming and how it can be used to mitigate and manage risk, please go to this link to read EC-Council’s “Wargaming for CISOs” White Paper.

EC-Council is committed to providing Information Assurance Executive Professionals with the latest Information Security news and trends from the industry’s leading experts. Readers of this White Paper are also encouraged to look into EC-Council’s Certified Chief Information Security Officer (C|CISO) Certification and EC-Council’s CISO Executive Summit Series. To view the full report complete with key takeaways from the CISO Executive Summit or to attend or speak at upcoming CISO Executive Summits, please click here. If you would like to receive more information about EC-Council’s Chief Information Security Officer Certification program, please click here.


Marissa Easter – Marketing Communications Specialist (marissa(dot)easter(at)eccouncil(dot)org)

About EC-Council’s Chief Information Security Officer (C|CISO) Certification:

C|CISO is the first certification of its kind to equip Information Assurance leaders with the most effective toolset to defend organizations from cyber attacks. It recognizes an individual’s accumulated skills in developing and executing an information security management strategy in alignment with organization goals. Applicants can take advantage of the Grandfather Provision until September 2012. The Grandfather Provision is open to highly-skilled and experienced professionals who can demonstrate and prove proficiency in the 5 C|CISO domains. For more information about C|CISO, please visit:

About EC-Council:

The International Council of E-Commerce Consultants (EC-Council) is a member-based organization that certifies individuals in cyber security and e-commerce. It is the owner and developer of 20 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI), Certified Security Analyst/Licensed Penetration Tester (ECSA/LPT) and Certified Chief Information Security Officer (C|CISO). EC-Council has trained over 90,000 security professionals and certified more than 40,000 members. EC-Council’s certification programs are offered by over 450 training centers across 87 countries. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. Department of Defense via DoD 8570.01-M, the Montgomery GI Bill, National Security Agency (NSA) and the Committee on National Security Systems (CNSS). EC-Council also operates EC-Council University and the global series of Hacker Halted information security conferences. For more information about EC-Council visit, follow @ECCouncil on Twitter, LinkedIn or visit EC-Council’s Facebook page.

