This page contains a Flash digital edition of a book.
Q A&


with Ric Handren


REPUTATION IS EVERYTHING


SECURITY MATTERS SITS DOWN WITH RIC HANDREN, VICE PRESIDENT AND CSO OF THE CANADIAN IMPERIAL BANK OF COMMERCE (CIBC), TO DISCUSS THE CHALLENGES HE FACES PROTECTING A MAJOR CANADIAN FINANCIAL INSTITUTION AND WHY EVERY BUSINESS SHOULD TAKE SECURITY SERIOUSLY


Security Matters: As CSO of the CIBC, what is your mission and what are your main job responsibilities? Ric Handren: Our mission and main job responsibilities are to provide gover- nance, leadership and subject matter ex- pertise to the CIBC group of companies, as it relates to safety and security of people, assets, information and, of course, our corporate reputation.


SM: What specific challenges do you have when it comes to developing, maintaining and improving the security of a major financial institution? RH: The level of complexity within the fi- nancial industry is constantly evolving. We in security must evolve with it, entering into new markets, geographical areas, evolving technology, introducing new products, and being constantly targeted by criminal organizations. We must be both proactive and reactive on all fronts to try and stay ahead of the curve and that requires a security program that is nimble, adaptable and forward thinking.


SM: How would you compare the role of security in a business today to what it was five, 10, 15 years ago? RH: Change is ever constant and the fi- nancial industry, technology and the way business is conducted has changed so much in the last 10 to 15 years. We were challenged then and we’re challenged now. We’ll always look to mitigate risk, re- duce losses and maintain the reputation of the organization. It’s always challenging.


SM: In your role at the CIBC, how have you integrated the physical and logical aspects of security?


8 SECURITY MATTERS • FALL 2011


RH: This has been an adventure. Con- vergence is not a common theme in Canada within organizations; there’s only been a couple of organizations that have gone through it. We have ap- proached this collaboratively on all fronts with all stakeholders, and we’re still working towards the best program design by getting input from all parties to make sure we do it right. We’ve put in place executive steering committees that represent all of our key partners within the organization. That way we ensure we’re moving down the right path. I definitely believe we’re heading in the right direction, and that is to allow us to build higher levels of efficiency and effectiveness within the CIBC.


SM: Security and privacy seem to be joined at the hip these days. As such, why is maintaining a balance between security and privacy so delicate in today’s society? RH: There is often a competing interest between security and privacy, so safe- guarding information needs to be em- bedded in the culture of the organization. Security also needs room to meet its mandate, and as a result there must be a close collaboration between key stake- holders to keep both security and privacy properly aligned yet independently func- tional, and that is always a balance.


SM: How important is it for businesses to train and educate employees about corporate security policies, practices and policies? RH: I think it’s very important because employees are our greatest assets so when doing training, education in areas


such as financial, physical and informa- tion security are a must to ensure a good quality program. Knowledgeable em- ployees equal a better overall security program to both mitigate risk and to pro- tect the reputation of the organization.


SM: What can Canadian businesses learn from all of the data breaches that have made headlines over the past 12 months? RH: I think they can learn that it can happen to any organization and no- body is safe. We need to review our programs and security measures to en- sure that we have a comfort with the level that is in place, and we need to educate our people. What is key is making people cognitive of what they need to know so they don’t fall into any of these traps.


SM: In today’s corporate world, the use of CCTV technology seems to be growing on a daily basis. Prior to im- plementing a company-wide video sur- veillance system, what considerations should businesses take? RH: Prior to implementing a surveil- lance system, you really need to iden- tify why you want to do so, and know exactly which issues you are addressing by putting the program in place. You will need to consult with legal, privacy and business groups to ensure that all are on the same page, operating to meet risk mitigation needs, but also to meet the legal requirements. Prior to putting the system in, you have to so- cialize it with all of the employees and put a good policy in place to ensure it is managed properly.


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36  |  Page 37  |  Page 38  |  Page 39  |  Page 40