[SOUND] What risk management methodology do you follow,
and if it is customized for your needs, which of the major
models currently in use does it most closely resemble?
>> The risk management framework we're the most excited about is the NIST cyber
security framework.
It's a national framework that tries to pull together all the different economic
sectors, provide a common vocabulary and taxonomy, so
we can all start talking about risk the same way.
>> The common language does what for you?
What's the- >> What it does, when you think about how
cyber is evolving, we're all interconnected Internet of things,
the super computer that's in your pocket called the smartphone or
banking application or even in most cases the gas pump your interacting with.
Were also smart intelligent devices the whole
economic framework of the country becomes highly interconnected.
All having a common taxonomy let's just go to a power company or a gas company or any
other industry that we may be interacting with and begin with a common vocabulary
that let's us figure out how do we secure transactions, national infrastructure, or
allow client to do anything within they want to do in the internet safely.
>> So it's an interesting perspective though that what we want to do is
speak a common language so
that we can sort of achieve a common goal which is to maintain security but
in reality we have competitors and our businesses have competitors.
To what extent is it better to share and
work in combination with your competitors when it comes to security
versus thinking of security as a competitive advantage.
>> It's probably dangerous to think of security itself as something competitive.
We need to be secure in order to be part of a larger economic ecosystem.
We should never broker safety as something that's different than what it should be.
We shouldn't worry about whether or not one plane is safer than another.
We need all aircraft to be safe that's why the FAA does what they do.
By having a common framework we're less concerned about safety because we're
going to build that into how we interact as members of the digital community.
We need to compete on services not on safety.
[SOUND]