Maksim Kabakou - Fotolia

Security Think Tank: Use a threat-focused approach to security collaboration

How can development, operations and security teams collaborate around change to ensure security is maintained and even improved?

Collaboration across departments is often a challenge. This holds true for technology development, operations and security teams, which often have conflicting timescales, agendas and motivations. What common denominator can help to unify these departments to ensure cyber security is maintained and improved?

Collaboration based on a shared budget or project – such as a technology transformation programme – is likely to be temporary. Once the project ends, so too will the motivation and shared incentives to improve security across the organisation. So what can be done to encourage collaboration? One way forward is to adopt a threat-focused perspective, which can have several benefits.

Firstly, cyber security threats impact all three teams – development, operations and security – and mitigating threats is something they can all agree on as a priority (albeit to a lesser or greater degree). The process of building agreement will have to be started by the security team but, once achieved, it can be used to create a shared understanding of cyber security across the wider organisation. 

Secondly, the majority of cyber security threats – except for insiders – are external to the organisation. Using external threats as a common denominator can serve as an effective unifying factor, help to foster a sense of shared purpose and reduce internal competition over resources. 

It is a common political strategy used – often cynically – by leaders seeking to rally their country against real or perceived threats. It is a legitimate strategy for organisations attempting to improve their cyber security posture. 

Finally, the threat-focused perspective has the benefit of being topical. Cyber security incidents are in the news on a weekly basis and security teams should take advantage of this publicity in measured way, portraying cyber insecurity as one business risk among many. The ultimate goal is to enable an organisation to achieve its goals, and a threat-focused perspective will help to do this.

Dave Clemente is a senior research analyst with the Information Security Forum

Read more on Hackers and cybercrime prevention