Posted by Robert Vamosi on July 5, 2016
A recent panel discussion hosted by a computer analysis firm has concluded that compliance officers lack technical expertise and clear ownership of the technologies involved.
According to the Wall Street Journal, Paul Nielsen, chief executive of the Software Engineering Institute at Carnegie Mellon University, said because so many executives are uncomfortable with technology they try to wall themselves off from it. “But they can’t” he said, adding that executives and boards “need to become more technology literate.”
Lev Lesokhin, head of strategy and analytics at CAST, a software analysis and measurement company, said “The issue is becoming more and more technical but the people who control it are not.”
Lesokhin said that companies needed better use of analytics to properly assess their software risks and the costs associated with mitigating–or not mitigating–those risks. As such information would allow companies to make more informed decisions about what software can progress and be released to the public or what needs to be worked on more and fixed. “So looking at those from a software analytics standpoint becomes really important.”
Kevin Fedigan, head of asset servicing and broker-dealer services technology at BNY Mellon, said his bank using a scoring system to determine risks. This allows executives to set priorities for which issues to address first. “We’ll say this is a low risk and go up to a high risk, depending on how it could be exposed,” said Mr. Fedigan.
Financial institutions today are more than 20 years old and not capable of providing the necessary security to protect data and software, said Benjamin Rehberg, managing director at Boston Consulting Group. Financial institutions, he told the panel, are more connected but using the “same old technology.”
Get the latest AppSec news and trends sent directly to you.