2012 Global Information Security Survey - Fighting to close the gap

A fundamental transformation

Organizations are working hard, with varying levels of success, to keep up with the pace of technology and the increasing number of information security threats.

Those that can minimize the gap between what their information security functions are doing now and what they need to do will secure competitive advantage.

The only way an organization can close the gap is by fundamentally transforming its information security function.

Organizations need to take four key steps to fundamentally shift how their information security functions operate:

1. Linking to the business strategy

It is vital that organizations align their information security strategy with their business strategy and objectives. Organizations are typically focusing their efforts on:

  • Growth. Effective information security can protect the whole business, safeguard revenue and free up resources to increase revenue opportunities.
  • Innovation. Organizations are using new technology to interact directly with customers in new ways. The data that is generated needs to be secure, with privacy a critical issue.
  • Optimization. Organizations can reduce costs across the business with well-structured and well-managed information security.
  • Protection. Information security needs good governance and transparency to provide stakeholders with confidence.

2. Redesigning the architecture and demonstrating how information security can deliver business results

Instead of looking at the existing landscape and how they can rework it, information security functions should undertake a fundamental redesign. They will need to allow for innovation and to constantly leverage new and emerging technologies, to help organizations achieve the results that promote protection and progress.

Identify the real risks

  • Develop a security strategy focused on business drivers and protecting high-value data
  • Define the organization’s overall risk appetite and how information risk fits
  • Identify the most important information and applications, where they reside and who has/needs access
  • Assess the threat landscape and develop predictive models highlighting real exposures

Protect what matters most

  • Assume breaches will occur — improve processes that plan, protect, detect and respond
  • Balance fundamentals with emerging threat management
  • Establish and rationalize access control models for applications and information

Embed in the business

  • Make security everyone’s responsibility
  • Align all aspects of security with the business
  • Spend wisely in controls and technology — invest more in people and processes
  • Selectively consider outsourcing operational security program areas

Sustain your security program

  • Get governance right — make security a board level priority
  • Allow good security to drive compliance, not vice versa
  • Measure leading indicators to catch problems while they are still small
  • Accept manageable risks that improve performance

3. Executing the transformation successfully and sustainably

Fundamental transformation isn’t just about implementing a program and walking away. To make the changes stick:

  • Make leaders accountable for delivering results and visibility throughout the life of the program.
  • Align the entire organization in the transformation approach — from planning and delivery of the program to the sustained adoption of the performance objectives.
  • Continually predict, monitor and manage risk throughout the execution of the program.
  • Fully adopt new solutions before closing a program so old ways don’t creep back in.

4. A deep dive into the new technologies

Despite their risks, new technologies are here to stay. Organizations need to use them to their advantage to extend their reach and energize profitable growth.

Any information security framework needs to constantly assess the role of new technologies and how to maximize their potential for the organization while keeping them safe.

Organizations need to take a 360-degree look at each of the new technologies to identify and offset the associated risks.

Want to learn more about how your organization can close the gap? Contact us and start a conversation.
