Industry Needs to Take a Wider View of Risk to Cover All Angles of Information Security

Santander head of operation risk, Michael Paisley, has warned that the industry needs to take a wider view of risk to cover all angles of information security.

Speaking on a panel at the Information Security Conference in London, Paisley said:

"We need to be asking; what is information security going to do for risk management? Because the only reason we do information security is to manage the risks to the organisation. If there was no risk from information security, we wouldn't have the information security trend.

"[But] just to say the two are linked is not quite the trend picture as it needs to be seen," added Paisley.

"We're all risk managers whether we want to be or not. So the question is, do we all understand what we're trying to achieve?"

Paisley added that, no matter what a person's role in risk, "what we're all trying to do is minimise uncertainty around the objectives of the organisation".

"In my book," said Paisley, "there's no such thing as information security risk; there's just risk."

Paisley stated that "blended teams" that have a range of skills including raw IT and analytics are essential to "manage a risk and present it in the right way".

"If you've got a team that's purely IT-focused, they may do a brilliant IT job, but there's question marks over their ability to be able to do other stuff.

"If you've got a team that's good at analysis, you'll equally have a problem," continued Paisley, "so a blended team is actually what's required to get you to the point where you're managing risk effectively."

Fellow panellist Amar Singh, CISO for News International, pointed out that most organisations would lack the resources to build such a team.

"A blended team sounds like nirvana. Most of us haven't even got a tenth of the security staff we need, so to have the staff to do all this seems idealistic," he said.

Source: http://www.computing.co.uk/ctg/news/2263534/there-is-no-info-security-risk-there-is-just-risk-says-santander-risk-chief#comment_form
'There Is No Info Security Risk; There Is Just Risk' Says Santander Risk Chief