Published: 17 Jul 2008
| In the four years since it was founded, the Jericho Forum has promoted a new approach to information security, one that takes into account that traditional hard boundaries between the company and the rest of the world are fast dissolving. Adrian Seccombe, CISO and senior enterprise information architect at pharmaceutical giant Eli Lilly and a Jericho cofounder, explains how Jericho principles are put into practice inside Eli Lilly.
What has been the catalyst for change in your business?
How do you keep risks under control when sharing information with outside organizations?
But I want to emphasize that the FIPNET is not an IT thing. It is a business objective of Eli Lilly. It is a recognition that we can do more by working with outside organizations than we could deliver by ourselves.
With such a focus on information assets, how you are classifying and managing information?
Every time someone saves a record into SharePoint, classification is a required field. And we know that for most of the time, it is going to be green. It is the responsibility of the person storing the field to change from the default setting of green to amber if for example they spot intellectual property or Social Security numbers that warrant a higher classification.
Many are skeptical about information security ever becoming a business enabler. What effect will this have on Eli Lilly's business?
If the organization can start doing things much more cost-effectively in a manner that is much more secure than their competitors, that is a big advantage. It is all about deriving value from your information assets at an acceptable level of risk.
Read the full interview with Adrian Seccombe, including a full explanation of the Jericho Forum's COA, at searchsecurity.com.