It is incredible that – in the age of BYOD (bring your own disaster), and the onslaught of cyber crime and insecurity – any organisation should ask what the value of information security is to their business. Or to put it another way, if this is the question an organisation is asking of itself, then it is not a business I would wish to associate with, nor one to which I would entrust my information. Information security is now a must-do and the reason for its existence should be obvious.
It is also inconceivable that, in an age of proven threats, advanced evasions, cyber crime, hacktivists and smart malware, such a question should even be posed - as, having let the genie of IT dependence out of the bottle, along with almost total adoption of trading over an ungovernable environment we call the internet, in my opinion, such an utterance should only come from the mouth of a painted clown.
We have to face it, accept it and own up to it - the day we ran away with using technology to drive our homes, business and life, we should have factored in the future vectors of the association of risk! Is this by any chance the syndrome of fear, uncertainty and doubt? Never, it's a blessed fact.
Of course life is full of options, so why not be obtuse to good advice - don't do security, carry on regardless and please feel free to write in one year’s time to update us on how this strategy worked for your business. Of course, this may be coming to me, not from a corporate email address, but a private one, but I can assure you, I will understand your predicament.
John Walker is Chair of the London Chapter ISACA Security Advisory Group, member of the ISACA International Guidance and Practices Committee and CTO of Secure-Bastion
This was first published in December 2012