Australian CIO Summit 2019

Register your interest

Please fill out the form below

Choose the option*

While we hope you can join us for this event, Marcus Evans delivers over 1000 annual events globally, so if we miss you this time we would love to keep you informed by email of other related events in your specific area of interest. Is that ok?

Yes    No

*Mandatory fields

  • Get a new challenge

  • How Infosec Can Become a Business Enabler


    Dr Tim Redhead of DotSec, a sponsor company at the upcoming marcus evans Australian CIO Summit 2013, on how organisations can ensure information security becomes a business enabler.

    Interview with: Dr Tim Redhead, Director, DotSec


    Chief Information Officers (CIOs) need to focus on information security requirements, processes and infrastructure, rather than on products or trends, advised Dr Tim Redhead, Director, DotSec. “They should manage infosec in a way that it becomes a business enabler rather than a hindrance,” he added.

    From a sponsor company attending the upcoming marcus evans Australian CIO Summit 2013, Dr Tim talks about information security, risk management, and infosec cost reduction.

    What do CIOs overlook when it comes to IT security?

    We have observed that when CIOs approach infosec projects with less focus on requirements-driven, infrastructural solutions, and more focus on infosec products, then they are less satisfied with the project outcome.

    Why? Because when you start with a product, you essentially have a solution that is looking for a problem. Without clear requirements however, the hoped-for solution often fails to meet expectations. Under pressure, requirements analysis, design and integration-prototyping seem like up-front costs that slow down the take up of the “real” project. In reality however, these up-front times and costs are always less than the time and expense that is needed for the gap analysis and rework of an unsatisfactory or failed infosec project.

    How should CIOs identify and mitigate threats and risks?

    First, they need to catalogue all their assets (computers, networks, application functions, humans, etc.) and consider how each asset could be misused, disabled, lost or stolen.

    Next, they should consider the risk associated with each threat, thinking about how likely it is for the various threat-agents to be able to carry out their threat in a successful attack, and consider the consequences of such attacks.

    Some risks are acceptable, but CIOs must address the unacceptable risks, either by risk mitigation strategies or by transferring risk. With a prioritised list of risks, CIOs can perform a cost-benefit analysis and prioritise their next steps.

    Given the current state of the economy, how can CIOs manage infosec costs better?

    Infosec is always going to cost money and time, but the problems start when it either costs too much or fails to deliver in line with costs. CIOs must avoid being pushed into taking on an emerging technology because of media-driven hype about perceived cost savings.

    Without careful requirements analysis, risk-assessment and planning, cost and time over-runs are inevitable. Much of the infosec industry is about selling silver-bullet products. We saw firewalls, smart cards, PKI, IDS and then IPS, VDI and now Cloud. Avoiding product-driven hype and focusing on requirements and infrastructure will help to ensure that projects do not run over-time, and that costs are therefore contained.

    What future developments should CIOs prepare their organisations for?

    In the infosec context, the core assets of a business are its information, and the entities that collect, store, manage and process that information. CIOs may consider planning how to secure those assets in an environment where there are fewer verifiable (internal) controls, less physical security, more (big) data, and smarter, targeted attacks.

    Contact: Sarin Kouyoumdjian-Gurunlian, Press Manager, marcus evans, Summits Division

    Tel: + 357 22 849 313

    About the Australian CIO Summit 2013

    Offering much more than any conference, exhibition or trade show, this exclusive meeting will bring together esteemed industry thought leaders and solution providers to a highly focused and interactive networking event.

    For more information please send an email to or visit the event website at

    marcus evans group - information technology sector portal

    The Information Technology Network – marcus evans Summits group delivers peer-to-peer information on strategic matters, professional trends and breakthrough innovations.


    Please note that the Summit is a closed business event and the number of participants strictly limited.

    About DotSec

    DotSec is a professional, independent, Australian-owned information-security organisation. DotSec was established in 1999 and has consistently delivered solutions to customers in the financial, legal, utilities, education, transport, insurance and government sectors.

    About marcus evans Summits

    marcus evans Summits are high level business forums for the world’s leading decision-makers to meet, learn and discuss strategies and solutions. Held at exclusive locations around the world, these events provide attendees with a unique opportunity to individually tailor their schedules of keynote presentations, think tanks, seminars and one-to-one business meetings. For more information, please visit

    All rights reserved. The above content may be republished or reproduced. Kindly inform us by sending an email to