Time to rethink information security programs and strategies
NEW YORK (18 April 2011) – It is time to rethink information security programs and strategies to keep companies’ most valuable assets safe, according to Information Security in a borderless world, a report released today by Ernst & Young LLP. The report provides specific steps for companies to become better prepared to predict, detect, react and respond to threats on an enterprise-wide basis and eliminates the traditional notion of external versus internal security, which no longer applies in our borderless society.
“Advancing technology, including cloud computing, social media and mobile devices, creates far too much access to information to rely on traditional barricades,” says Bernie Wedge, Americas Information Technology Risk and Assurance leader for Ernst & Young LLP. “Even internal employee emails have become a target by external hackers. Traditional security models no longer work in this borderless world. Companies need to embrace change to their security programs in order to thwart both external hackers and threats that arise with new technologies in their own organizations.”
Building on the findings from EY’s 2010 Global Information Security Survey, the report proposes five interlocking phases of a transformational information security strategy to earn trust in a borderless world. It details specific opportunities for companies to achieve each action, including:
- Identify the real risks. Define the organization’s risk appetite; identify the most important information and applications, where they reside and who has access to them; and assess threats and develop predictive models.
- Protect what matters most. Focus on business drivers and high-value data; assume breaches will occur and improve processes; balance fundamentals with emerging threat management; and establish access control models.
- Optimize security investments for business performance. Once these four areas have been addressed, it is important to align all aspects of security with the business; spend wisely; and selectively consider outsourcing.
- Reach beyond compliance for sustainable security. Make security a board-level priority; let security drive compliance; accept manageable risks that improve performance; and measure leading indicators.
- Embrace change. Make security everyone’s responsibility; enable newer technologies; extend security programs across the enterprise; and set security metrics that impact business performance.
“It’s a matter of when, not if you will become a target when it comes to a breach in security,” says Jose Granado, Ernst & Young LLP’s Information Security Leader. “While the risk environment continues to change, taking the proper precautions and approach to information security will help to create a culture of trust and responsibility among customers, consumers, suppliers and employees in an increasingly borderless world.”
The report also emphasizes the wisdom of proactively protecting information while anticipating the worst – using an integrated security approach so organizations can focus on trust rather than paranoia. It describes the need for each company to understand its security maturity and to plan accordingly.
The full report is available at www.ey.com.
About EY's Advisory Services
The relationship between risk and performance improvement is an increasingly complex and central business challenge, with business performance directly connected to the recognition and effective management of risk. Whether your focus is on business transformation or sustaining achievement, having the right advisors on your side can make all the difference. Our 20,000 advisory professionals form one of the broadest global advisory networks of any professional organization, delivering seasoned multidisciplinary teams that work with our clients to deliver a powerful and superior client experience. We use proven, integrated methodologies to help you achieve your strategic priorities and make improvements that are sustainable for the longer term. We understand that, to achieve your potential as an organization, you require services that respond to your specific issues, so we bring our broad sector experience and deep subject matter knowledge to bear in a proactive and objective way. Above all, we are committed to measuring the gains and identifying where the strategy is delivering the value your business needs. It’s how EY makes a difference.
EY is a global leader in assurance, tax, transaction and advisory services. Worldwide, our 141,000 people are united by our shared values and an unwavering commitment to quality. We make a difference by helping our people, our clients and our wider communities achieve their potential.
For a copy of the report, please visit www.ey.com.
EY refers to the global organization of member firms of Ernst & Young Global Limited, each of which is a separate legal entity.
This news release has been issued by Ernst & Young LLP, a client-serving member firm of Ernst & Young Global Limited located in the US.