Opinion: Now is the time for IT to update its information security program
Shift happens. As a security and risk management professional, you need to deal with the consequences.
Computerworld - The good news for security teams is that they are more visible to the business than ever before. High-profile data breaches, costly compliance requirements, and a bleak economic market mean companies are more willing to invest in information security to protect their digital assets. But there's bad news, too: Security teams are more visible than ever. With visibility comes an increased set of responsibilities.
Chief information security officers (CISO) have long enjoyed a love-hate relationship with the business. They often serve as strategic counsel and help advise the business on the risks being undertaken. When times are good, companies generally have a stable risk appetite, and CISOs help avoid potential threats to the business. But when times are bad, companies are tempted to change their risk posture in order to enter new markets, reach out to customers through new channels, augment staff, etc. That's when the CISO's job gets tricky.
I've had the opportunity to interview dozens of CISOs over the last few months as Forrester prepares for our upcoming Security Forum in September. Sure, there are lots of tactical questions that come up like "What's the best way to tackle data security?" and "Are other CISOs experiencing head count or budget reductions?" But increasingly, I've seen a clear inflection point in these conversations. CISOs are acknowledging that times are bad, but they're actually pretty comfortable with that. The challenge -- and here's where things get tricky -- is to prepare for what comes next. For security and risk management professionals, the inevitable upturn in the global economy is scary. Why? Because it's an unknown, and CISOs are tasked with the nearly impossible imperative of quantifying the business impact of the unknown.
So, as we enter the second half of 2009, Forrester strongly believes that CISOs and their security and risk management staff must continue to stay one step ahead of their business and IT peers. If you're in the security industry, then it's time to polish off that crystal ball and see where you fit in the new world.
Why you need to navigate a new security and risk landscape
Shift happens. As a security and risk management professional, you need to deal with the consequences. As an industry, we've been discussing "change" for years: how the future of IT will bring dramatic changes to workplace dynamics, sourcing models and application portfolios. But change is no longer hypothetical -- it's real. You need to move beyond discussions of the economy plunging into free fall and the resulting decrease in budgets, jobs and discretionary security projects. Instead, you need to understand how to navigate the new security reality in today's topsy-turvy business climate. Your challenge is to rethink the role of security within your enterprise by finding ways to get close to the business; create efficiencies with governance, risk and compliance (GRC); establish the right set of priorities; and implement an architecture that responds to these security shifts.
- Troubleshooting Common Issues in VoIP Learn more about Voice over Internet Protocol (VoIP), including common VoIP metrics used, best practices in VoIP management and tips and tricks for...
- 2013 Network Management Software (NMS) Buyers Guide This white paper contains an independent comparison study of six different network management solutions and provides guidance on how you can choose the...
- Rightsizing Your Network Performance Management Solution: 4 Case Studies This white paper discusses challenges encountered as organizations search for the most cost-effective network performance management solution.
- Global Growing Pains: Tapping into B2B Integration Services to Overcome Global Expansion Challenges A recent survey by IDG Research explored both the challenges and pain points companies face when growing globally, as well as the capabilities...
- E-Signature RFP Checklist Webcast If your organization is looking to adopt e-signatures, you may be overwhelmed by the number of providers that offer seemingly similar solutions. How...
- Cloud and Collaboration: Driving Your Business Value Mission Critical Cloud from Peer 1 Hosting is enterprise-grade. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!