IT security managers had better get ready to ditch their peripheral, advisory role and get used to being the organisation’s key digital security player.
According to Paul Dorey, vice-president for digital security at BP, the dependence of business processes on IT and the digitisation of almost every physical component and process are now placing digital security at the core of business integrity.
Dorey predicted that by 2010, an increasing number of IT security professionals would be legally accountable for the statements they make about the digital security of their organisations.
Such accountability is already reflected in other professions, Dorey said, such as the engineer who specifies the strength of steel for a bridge, or a surgeon who knows when to operate.
He suggested that, rather than organisations using consultants, the IT security professional will become more trusted as a corporate decision maker. It would mean chief information security officers would have to face up to tough issues, such as how the security capability can be deployed outside the company as well as inside, and how best to deal with regulators.
Given the importance of digital security, whoever makes those decisions should also expect the appropriate status – and recompense – within the organisation to match that responsibility and accountability.