New tech a top security challenge, says Isaca CEO

A top challenge facing information security professionals is the multiple points of entry created by new technologies, says Ron Hale, acting CEO of Isaca

A top challenge facing information security professionals is the multiple points of entry created by new technologies and business models, says Ron Hale, acting CEO of global IT security association Isaca.

“Security is no longer about defending the network perimeter because there is no perimeter any more as organisations embrace mobile and cloud computing,” he told Computer Weekly.

In recognition of this, Isaca is increasing its existing business focus to help a wider community of security and business professionals identify which technologies offer the right balance of risk and reward.

Evaluating new technologies

Hale, who recently took over the role of Isaca CEO from Susan Caldwell, is driving an initiative to create services to help security and business professionals evaluate new business-enabling technologies.

The initiative is being led by a committee drawn from a wide range of different business sectors with experience in connecting business leaders with the technicians who build enterprise IT systems.

“We looked for people with experience in technology strategy, founding startup companies and building IT solutions that were unique and different to create new business opportunities,” said Hale.

In the beta phase of the project, Isaca is taking the concept to various enterprise boards to get feedback that will be used to refine the planned offering and ensure it meets market needs.

“The committee is very different to other Isaca committees and we are likely to end up with a very different product offering,” said Hale.

The plan fits neatly into Isaca’s 10-year plan to treble membership, make content available to a wider audience, and engage more widely with business and technology professionals.

Cyber security and privacy

In addition to emerging technologies, the organisation is focusing on cyber security and privacy, engaging with government in the US and UK and collaborating with European Union cyber security agency Enisa.

In cyber security, the aim is to provide unbiased information to enable decision-making at the higher levels and then connect those decisions to actionable things technicians can do to make it all work.

Hale believes Isaca has a role in facilitating the communication between the business and security practitioners.

“We aim to be the glue in the middle to bridge the gap and enable organisations to tie risk and vulnerabilities to business goals,” he said.

As part of this aim, Isaca is working with the US National Association of Corporate Directors on a series of free videos for boards around the world to create awareness around cyber security.

With a similar aim, Isaca plans to introduce content that will enable organisations to benchmark themselves against top-performing organisations in business metrics such as low-cost compliance.

In privacy, Isaca aims to provide more content that will enable those who build and monitor systems to ensure their effectiveness.

“Much of the content that is currently available has been created by people in the legal profession, so there is a need for something that is more practical for those who build and run systems,” said Hale.

In the short term, Isaca is set to release content that ties in all aspects of the Cobit governance framework to help organisations deal with information and the challenge of big data.

“It will help provide a common language for those who use information and those who create information systems,” said Hale.

Support for graduates and security professionals

Looking to the future, Isaca plans to play a greater role in helping graduates to transition to the world of work by providing practical experience to complement academic courses.

The organisation also plans to develop programmes aimed at providing support to new, experienced and veteran information security professionals.

Isaca also plans to engage more with other professional bodies and play a leading role in bringing security industry groups together.

“Isaca recognises that no single organisation has all the answers, and that it is better to bring all the best pieces together because a combined solution is always stronger,” said Hale.

Read more on Hackers and cybercrime prevention