IT departments risk losing responsibility for IT security

IT security professionals can no longer take it for granted that IT security will continue as part of the IT function

Large businesses are transferring responsibility for computer security away from the IT department to the compliance and risk department.

Research by the Corporate Executive Board (CEB), a membership organisation for C-level executives, shows that the trend has accelerated over the past 12 months.

Until now, 85-95% of chief information security officers reported directly to IT departments, said Jeremy Bergsman, practice manager at the CEB.

Prepare for the end of the Blackberry

Businesses have been urged to prepare contingency plans for the potential end of the Blackberry as a business mobile.

The possibility that the Blackberry service could fail is one of the significant risks facing businesses this year, according to research by the Corporate Executive Board.

Blackberry supplier Research in Motion (RIM) has been struggling financially, yet most organisations are not in a position to switch their employees quickly to other mobile devices if the service fails, warned the CEB.

Although organisations are trialling iPhones and other smartphones as an alternative to the Blackberry, they are far from prepared for a rapid switchover, the CEB said.

“If Blackberry were broken up, they would be in trouble,” said Jeremy Bergsman, practice manager at the CEB.

“Over the past year, that has changed, with 25% reporting not to IT but to the legal and risk management function,” he said.

The CEB predicts that IT and IT security will become increasingly decoupled as technology becomes more commoditised and more systems are outsourced to the cloud.

Businesses are placing more emphasis on enterprise risk management, and there is a growing realisation that information security is about the wider business, not just about protecting servers, said Bergsman.

The CEB advises CIOs and CISOs to work out where IT security best fits within the organisation and begin marshalling their arguments now to support their case.

“They should be prepared to justify their position to the rest of the organisation,” said Bergsman.
