How can security play a central role in enabling business growth?
As information security grows in stature within the organisation, we in the profession must be careful not to develop any delusions of grandeur. No matter how crucial our efforts may be, we must recognise that we are very firmly cast in a supporting role, writes John Colley, managing director of (ISC)2 EMEA.
We must take our direction primarily from strategy that has been developed by the business leaders for the business. We must also follow the IT strategy, which presumably has taken its lead from the business strategy as well.
It is in developing a security strategy that reflects, and in many cases provides a bridge between, the IT and business strategies that we can be most effective at supporting the development of the business.
This is a departure from the traditional tick-box method of assessing whether adequate security measures are in place. It is steeped in understanding the risks inherent in the initiatives that either the business or IT functions would like to embark upon, and in implementing measures to mitigate them. The business may, for example, wish to launch a new product line or a new channel to market; IT may want to move significant operations into the cloud. The objectives, benefits and risks inherent in each of these proposals will be distinctly different and require independent assessment.
Acknowledging that we are in a supporting role does not, however, consign us to being reactive. We have the expertise to recognise opportunity and should feel free to use it. We constantly assess evolving technologies and security practices, putting us in a position to arm the business with the new robust tools and methods that will influence their strategic thinking.