
How can security play a central role in enabling business
growth?
Tom Scholtz, research vice-president at Gartner, shares seven
domains that Gartner has identified as relevant to improved
business alignment.
There is no single tactic or strategy that guarantees success in
improving business alignment of security. Rather, a number of
varied but interrelated actions need to be identified and executed
to improve alignment over time. Different techniques are typically
better suited to different corporate cultures and business
environments. Gartner has identified seven domains that are all
relevant to improved business alignment.
Culture: Develop an organisational culture in which users,
managers and IT professionals all make good decisions about
information risk.
Planning: The strategic and tactical planning activities of the
information security organisation provide ample opportunity for
aligning the resultant projects and actions to actual business
requirements. For example, a key strategy is to leverage enterprise
architecture principles in security planning practices.
Processes: Adopt a strategic process approach, such as the
ISMS prescribed by ISO 27001, for the security management programme.
This establishes the ability to assess, develop and implement
security solutions as and when required by the business, rather
than enforcing a "one size fits all" control baseline.
Communications: A primary objective should be to develop
security-related service-level metrics that can be included in
formal service-level agreements (SLAs) between IT, service
providers and user constituencies.
Competencies: Business alignment often requires skills not
normally associated with information security specialists, such as
architecture practice, personal communications, business knowledge
and marketing skills.
Technology: The manner in which security technology is utilised
can have a major impact on how security is perceived by technology
users. The success of an integrated IT service delivery strategy,
such as that prescribed by ITIL v3, will depend on how security
controls are technically integrated with IT services.
Relationships: Establish and maintain effective relationships
with other roles and individuals within the organisation.
Alignment depends on the cooperation and support of
key influencers, decision makers and other stakeholders.
Alignment is a challenge that cannot be addressed in a piecemeal
fashion. Organisations should invest time and resources into a
comprehensive strategy for improving business alignment. The
actions and projects resulting from this strategy must be executed
in conjunction with, and not in place of, existing security
projects.