Equifax’s Jamil Farshchi: Security shouldn’t be a trade secret | #government | #hacking | #cyberattack

Equifax CISO Jamil Farshchi has pulled back the curtains on cybersecurity operations, saying that he believes “transparency to all stakeholders to the deepest degree reasonable” makes for a more secure company.

“If we have transparency, it makes sure we’re up to snuff in every facet of our program. It makes sure that no one is looking at a patch log and says ‘It’s no big deal,’ because they know everybody is looking,” he says. “I think it ultimately makes you more secure, and you’re able to withstand any sort of targeting.”

Farshchi’s not just waxing philosophical: He is, in fact, sharing details about the work he and his team are doing, the threats they’re facing, and the challenges they have.

The company, a multinational consumer credit reporting agency, in March released its 2021 Security Annual Report. It outlines the company’s cybersecurity investments and provides details about its policies and procedures.

“If you’re a customer or an investor, it shouldn’t take a breach for you to find out a given company’s security posture. Companies should be required to make public the health of their own cybersecurity,” he says.

As most veteran CISOs know, Farshchi’s approach has not been the profession’s historical stance. Instead, the workings of the security function traditionally have been opaque to external groups—particularly customers—as well as internal business units and executive colleagues.

Copyright © 2022 IDG Communications, Inc.

Original Source link

Leave a Reply

Your email address will not be published.

twenty eight + = thirty six