How can security play a central role in enabling business
growth?
A very simple view of how security can enable business growth
is to consider the question "why do cars have brakes?" The answer
given by most people is that the brakes are there to stop the car,
which is true of course, but not the reason,writes Peter
Wenham CISSP MICAF CLAS, committee member of theBCS
Security ForumStrategic Panel and director of
information security consultancy Trusted Management.
Without brakes, no one would want to drive a car because it
would be dangerous. So brakes enable the car to be driven in the
first place, i.e. it enables the risk of driving the car to be
taken. Extending this line of thinking, the brakes on an F1 racing
car are larger and more powerful that those fitted to a small
runaround car, i.e. the cost of risk mitigation is proportionate to
the risk.
The extension of this analogy is that by applying appropriate
security within a company, risks can be taken, and by taking risks,
business will grow. The down side is that by taking too high a
risk, or not applying appropriate mitigation, a company can get
into trouble - as recent events in the banking area have shown.
As with cars and brakes, security within a company is not just a
technical issue, it involves people and their security awareness
and ability to effectively use in place security controls. Ignore
the controls, and all bets are generally off.
Looking again at the question - How can security play a central
role in enabling business growth? - ask yourself these supplemental
questions: Would I deal with a firm that is constantly being
burgled? Would I deal with a firm that has a poor information
security record? The chances are, you would not deal with either,
and the firms in question would eventually fail because they would
not get enough business.
To underline this, firms are increasingly looking to connect
their systems to those of their suppliers or customers in a drive
towards efficiency and cost reduction in the procurement and
accounts areas. Without proof of good security and good security
governance, such deals will not happen, so only those firms which
demonstrably take security seriously will continue to win
business.
Read more expert advice from the
Computer Weekly Think Tank >>