Opinion: Now is the time for IT to update its information security program
Shift happens. As a security and risk management professional, you need to deal with the consequences.
Computerworld - The good news for security teams is that they are more visible to the business than ever before. High-profile data breaches, costly compliance requirements, and a bleak economic market mean companies are more willing to invest in information security to protect their digital assets. But there's bad news, too: Security teams are more visible than ever. With visibility comes an increased set of responsibilities.
Chief information security officers (CISO) have long enjoyed a love-hate relationship with the business. They often serve as strategic counsel and help advise the business on the risks being undertaken. When times are good, companies generally have a stable risk appetite, and CISOs help avoid potential threats to the business. But when times are bad, companies are tempted to change their risk posture in order to enter new markets, reach out to customers through new channels, augment staff, etc. That's when the CISO's job gets tricky.
I've had the opportunity to interview dozens of CISOs over the last few months as Forrester prepares for our upcoming Security Forum in September. Sure, there are lots of tactical questions that come up like "What's the best way to tackle data security?" and "Are other CISOs experiencing head count or budget reductions?" But increasingly, I've seen a clear inflection point in these conversations. CISOs are acknowledging that times are bad, but they're actually pretty comfortable with that. The challenge -- and here's where things get tricky -- is to prepare for what comes next. For security and risk management professionals, the inevitable upturn in the global economy is scary. Why? Because it's an unknown, and CISOs are tasked with the nearly impossible imperative of quantifying the business impact of the unknown.
So, as we enter the second half of 2009, Forrester strongly believes that CISOs and their security and risk management staff must continue to stay one step ahead of their business and IT peers. If you're in the security industry, then it's time to polish off that crystal ball and see where you fit in the new world.
Why you need to navigate a new security and risk landscape
Shift happens. As a security and risk management professional, you need to deal with the consequences. As an industry, we've been discussing "change" for years: how the future of IT will bring dramatic changes to workplace dynamics, sourcing models and application portfolios. But change is no longer hypothetical -- it's real. You need to move beyond discussions of the economy plunging into free fall and the resulting decrease in budgets, jobs and discretionary security projects. Instead, you need to understand how to navigate the new security reality in today's topsy-turvy business climate. Your challenge is to rethink the role of security within your enterprise by finding ways to get close to the business; create efficiencies with governance, risk and compliance (GRC); establish the right set of priorities; and implement an architecture that responds to these security shifts.
- Top 10 Reasons to Strengthen Information Security with Desktop Virtualization Regain control and reduce risk without sacrificing business productivity and growth
- Preventing Sophisticated Attacks: Anti-Evasion & Advanced Evasion Techniques McAfee Next Generation Firewall applies sophisticated analysis techniques specifically to detect advanced evasion techniques (AET).
- The Security Industry's Dirty Little Secret The debate over advanced evasion techniques (AETs) This report summarizes the findings of a McAfee commissioned research group to determine the level of understanding IT security professionals have about AETs...
- Demand More, Get the Most from the Move to a Next-Generation Firewall Beyond the basics in a next generation firewall, to protect your investment you should demand other valuable features: intrusion prevention, contextual rules, advanced...
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!