AC: We met our concerned customers in Hong Kong after the incident. We had remediation processes and upon request we replaced their tokens. We also issued official letters explaining the situation and how we handle it so that our customers can share with their auditors or board of directors.

Equally important is that we gave remediation advice within a day after our knowledge of the incident. The stolen information [from RSA] can't be used in any successful attack. What's never reported in the media is that there isn't a single incident where a customer suffers loss due to the RSA security breach. One of the [media] reports said that information stolen from RSA was actually used in an attack, but that attack was defeated.

CWHK: Is there any chief security officer at RSA? Do you think CIOs can also serve as CSOs?

AC: Yes, there is. CSOs have specific areas of expertise while CIOs are generalists who have understanding of infrastructure, security, and applications. CIOs are almost like general managers who will be more focused on helping organizations apply information to support business missions and objectives. So I don't think they can replace each other.

CWHK: Do you think the role of CIO will become obsolete in the next five years as businesses are using more utility-based tech or cloud computing?