
How can security play a central role in enabling business growth?
As information security grows in stature within the
organisation, we in the profession must be careful not to develop
any delusions of grandeur. No matter how crucial our efforts may
be, we must recognise that we are very firmly cast in a supporting
role, writes John Colley, managing director of (ISC)2
EMEA.
We must take our direction primarily from strategy that has been
developed by the business leaders for the business. We must also
follow the IT strategy, which presumably has taken its lead from
the business strategy as well.
It is in developing a security strategy that reflects, and in
many cases provides a bridge between, the IT and business strategies
that we can be most effective at supporting the development of the
business.
This is a departure from the traditional tick-box method of
assessing whether adequate security measures are in place. It is
steeped in understanding risks inherent in the initiatives either
the business or IT functions would like to embark upon and
implementing measures to mitigate them. The business may, for
example, wish to launch a new product line, or new channel to
market; IT may want to move significant operations into the cloud.
The objectives, benefits and risks inherent in each of these
proposals will be distinctly different and require independent
assessment.
Acknowledging that we are in a supporting role does not, however,
consign us to being reactive. We have the expertise to recognise
opportunity and should feel free to use it. We constantly assess
evolving technologies and security practices, putting us in a
position to arm the business with the new robust tools and methods
that will influence their strategic thinking.