This is obviously a big topic these days and it’s almost getting to a point where I feel like this is overshadowing discussions in advancements in Wi-Fi, VoIP and other network technologies on which most of us have spent the majority of our careers focusing. That said, I think it’s safe to say that, until we get to a point where we don’t have to worry about it (don’t hold your breath), security is going to be the talk of the town – especially as more and more of our information is being moved onto servers somewhere “in the cloud”.
I found this article interesting for a couple reasons – first, I think the three points they pull out here are good ones to note. But even more, I thought that the paragraph from the article quoted below brought light to a different perspective: as security becomes more of a strategic focus than just something that’s discussed during IT staff meetings, we need to make sure that focus is developed into the larger business model and not based solely on a small group’s experiences and biases.
“One would think that as information security matured from back-office function to a more strategic role, CISOs’ approaches to portfolio prioritization would have followed suit. However, that’s not necessarily the case. Speaking with dozens of IT and security leaders, we found that most approaches to making security investment decisions are largely subjective. Too often, they’re based on personal expertise and credibility rather than systematic processes and business value metrics.”
The rest of the article is well worth the read as well. It’s linked below so read and enjoy!
Information security’s role is becoming more strategic, but its approach to making investment decisions hasn’t kept pace. To better align security investments with enterprise strategy, IT and security leaders must stay focused on the right risks, add rigor to decision making processes, and give stakeholders opportunities for input.
The kids are back in school, the leaves are changing color, and the days are growing shorter – all signs it’s time for IT leaders to start thinking seriously about next year’s budget. One key issue that CIOs need to consider when drafting their 2018 budgets is how information security’s role is changing within the organization and how best to support that change. IT and business leaders need information security to take on a more strategic focus; but so far at least, its investment priorities haven’t followed suit.
As organizations transform their business models to support new digital products and services, information security will increasingly adopt the role of “digital business enabler.” That means finding new ways to help business leaders take smart risks with information technology in pursuit of new growth or competitive advantage. This will change the way organizations deliver security, the skills and tools security teams will need […]