Setting security strategy for a global operation can require a comprehensive approach that includes alignment with business priorities—especially when the organization’s mission is to support the smooth operation of global financial markets.
One step removed from the securities trades that pulse through the global financial systems 24/7 is an infrastructure that facilitates backend clearing and processing—and ideally also provides risk mitigation, 透明度, and efficiency to the marketplace. One company providing such services for a large swath of global transactions is the Depository Trust & 清算 Corporation (存), which operates in 15 countries and last year processed securities transactions valued at $2.1.5亿亿年.
While 存 focuses on the safe and efficient processing of global transactions, Stephen Scharf, the company’s chief security officer (CSO), focuses on centralizing and aligning global information security, business continuity, 物理安全, 员工的安全, and crisis/incident management. Scharf says his aim is to develop and execute a holistic approach to both risk management and resilience across the organization.
In a conversation with Nitish Idnani, a principal with Deloitte Risk & Financial Advisory of Deloitte & Touche LLP), Scharf shares his insights on several critical issues, including thoughts on the potential tension between efficiency and resilience, his work with the Sheltered Harbor initiative, and the organization’s response to the COVID-19 crisis, 在其他主题中.
Idnani作为存的CSO, what are your strategic objectives and how does resilience factor into those strategies—is it an objective, 一个推动者, 或者别的什么?
Scharf: It’s really a combination of all three. Our high-level security objectives are aligned to our business priorities and mapped to the firm’s broader goals. Resilience is critical to our security strategy because of the important role we play in protecting market stability globally and our designation in the U.S. as a Systemically Important Financial Market Utility (SIFMU). But resilience is less an objective than something that is embedded in every initiative we pursue. We don’t want to create security and resilience silos that are separate from 存’s business priorities. 例如, when we consider new business initiatives that could introduce cybersecurity risk, we identify the potential issues early in the development process and tailor our security efforts to directly address those threats.
Click here to continue reading the full interview in the Wall St. 杂志.