Security expert George (Chip) Tsantes has joined Ernst & Young's financial services office as a principal within the information technology advisory services group where he now leads the information security practice.
Tsantes' specific areas of focus includes security program management, threat and vulnerability management, privacy and data protection and identity and access management.
"The biggest security threats occur where humans are involved," asserts Tsantes, who was previously Chief Technology Officer at Intersections, a provider of consumer and corporate identity risk management services, and a partner in Accenture's Capital Markets Group. "The biggest department [within a company] should be information security as everyone is in it and can enhance it with simple actions."
Firms must sample and test procedures to make sure they're working, and provide continuous training and education on security issues, he notes.
As for which threats are more dangerous, Tsantes says that while external threats are more premeditated, many internal threats are accidental, including people looking at personal mail and business mail at the same time, but can have devastating effects.
"There are lots of unintentional things happening where Trojans are put in the enterprise," he says.
One of the biggest challenges for companies today is trying to find a balance between spending time proving to regulators and business partners that you're secure and actually being secure, Tsantes says, noting that shared assessments and shared formats are some of the initiatives that can help firms reach this balance.
Melanie Rodier has worked as a print and broadcast journalist for over 10 years, covering business and finance, general news, and film trade news. Prior to joining Wall Street & Technology in April 2007, Melanie lived in Paris, where she worked for the International Herald ... View Full Bio