Intelligent CISO Issue 54 | Page 70

BUSINESS SURVEILLANCE

HOW MODERNISING OUR SECURITY POSTURE HELPED GROW OUR BUSINESS

David Weisong, CIO at California-based environmental consulting firm, Energy Solutions, explains how the company has gained a competitive advantage to win more business as a result of modernising its security posture.

Cyberattack threats against utility companies continue to rise in quantity and sophistication and, as the CIO of an environmental consulting firm that works with them, their concerns are our concerns.

Considering that our work includes handling sensitive personally identifiable information (PII) and location data, our utilities clients are smart to ask us to verify our security practices and to ask us to undergo validation checks conducted by third parties.
This security scrutiny has become ever more heightened year-to-year – as it should be. From encryption to access controls to mobile device management to employee training, clients continually raise the bar when it comes to the protections they want to see in place.
This evolution recently led us to take a hard look at our security offerings and to acknowledge that a range of improvements was in order if we were to keep pace with our clients’ evolving requirements. Following that honest inventory, our organisation committed to building out a more robust, more modernised information security programme capable of delivering the next level of protection.
The decision wasn’t just good for security posture. Holistic and provable security can be a differentiated advantage to win more business, as it has been for us. Here’s what we did.
Planning a holistic cybersecurity stack by following an established blueprint
To begin, we identified SOC 2 Type 2 certification as an ideal framework for structuring our security capabilities. Intended for services organisations like ourselves that manage customer data, SOC 2 Type 2 compliance requires safeguards that prevent physical or logical access to sensitive data and systems.
SOC 2 Type 2 also calls for controls that ensure the security, availability, processing integrity, user confidentiality and privacy of client data. Committing to the pursuit of SOC 2 Type 2 certification ensured we’d have a structured approach to meeting the breadth of our client’s security needs.
Implementing upgrades to encryption and more
Our SOC 2 Type 2 certification planning made our need for new encryption