Opinion: Now is the time for IT to update its information security program
Shift happens. As a security and risk management professional, you need to deal with the consequences.
Computerworld - The good news for security teams is that they are more visible to the business than ever before. High-profile data breaches, costly compliance requirements, and a bleak economic market mean companies are more willing to invest in information security to protect their digital assets. But there's bad news, too: Security teams are more visible than ever. With visibility comes an increased set of responsibilities.
Chief information security officers (CISO) have long enjoyed a love-hate relationship with the business. They often serve as strategic counsel and help advise the business on the risks being undertaken. When times are good, companies generally have a stable risk appetite, and CISOs help avoid potential threats to the business. But when times are bad, companies are tempted to change their risk posture in order to enter new markets, reach out to customers through new channels, augment staff, etc. That's when the CISO's job gets tricky.
I've had the opportunity to interview dozens of CISOs over the last few months as Forrester prepares for our upcoming Security Forum in September. Sure, there are lots of tactical questions that come up like "What's the best way to tackle data security?" and "Are other CISOs experiencing head count or budget reductions?" But increasingly, I've seen a clear inflection point in these conversations. CISOs are acknowledging that times are bad, but they're actually pretty comfortable with that. The challenge -- and here's where things get tricky -- is to prepare for what comes next. For security and risk management professionals, the inevitable upturn in the global economy is scary. Why? Because it's an unknown, and CISOs are tasked with the nearly impossible imperative of quantifying the business impact of the unknown.
So, as we enter the second half of 2009, Forrester strongly believes that CISOs and their security and risk management staff must continue to stay one step ahead of their business and IT peers. If you're in the security industry, then it's time to polish off that crystal ball and see where you fit in the new world.
Why you need to navigate a new security and risk landscape
Shift happens. As a security and risk management professional, you need to deal with the consequences. As an industry, we've been discussing "change" for years: how the future of IT will bring dramatic changes to workplace dynamics, sourcing models and application portfolios. But change is no longer hypothetical -- it's real. You need to move beyond discussions of the economy plunging into free fall and the resulting decrease in budgets, jobs and discretionary security projects. Instead, you need to understand how to navigate the new security reality in today's topsy-turvy business climate. Your challenge is to rethink the role of security within your enterprise by finding ways to get close to the business; create efficiencies with governance, risk and compliance (GRC); establish the right set of priorities; and implement an architecture that responds to these security shifts.
- Radicati: Cloud Business Email - Market Quadrant 2013 Google was named the top cloud business email provider in a recent report by research firm Radicati. Out of 14 key players, Google...
- Tablets in the Enterprise: A Checklist for Successful Deployment How can you enterprise manage and secure tablets in order to protect corporate data while providing access to the information and applications employees...
- Enterprise Mobility: A Checklist for Secure Containerization The advantages and disadvantages of the multiple approaches to containerization. Learn More>>
- Enterprise File Sync & Share Checklist File sync and share has changed the way people work and collaborate in today's tech-savvy world. Gone are the email roadblocks, clunky FTP...
- Live Webcast LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Security White Papers | Webcasts