RSA Council: IT Security Needs to Work Like Submarine Warfare

Mike Vizard
Slide Show

Six Ways a Multi-tiered Security Strategy Benefits Businesses

When faced with an increased number of threats, the natural tendency is to want to lock everything down as much as possible. In reality, the role of the IT security officer is evolving into one that enables business processes to occur with the least amount of risk possible.

A recent report issued by the Security Business Innovation Council (SBIC) created by EMC advises IT security officers to pursue a more nuanced approach. While there may be more security threats than ever, business opportunities are often fleeting. In an age when business is increasingly digital, organizations need an agile IT infrastructure that allows them to rapidly respond to new business opportunities.

Sam Curry, chief technology officer for marketing at the RSA Security Division of EMC, says one of the biggest issues facing IT security officers today is that they don’t speak the language of business. Every business person understands the concept of risk. After all, that’s what business is all about. Curry says that IT security people tend to overly emphasize the risks without fully appreciating the potential business benefits of the opportunity at hand.

Curry concedes that while striking a balance between risk and opportunity is easy to understand in concept, actually being able to make that work is fiendishly difficult.

To strike that balance, the SBIC recommends:

  • Shift Focus from Technical Assets to Critical Business Processes: Expand beyond a technical, myopic view of protecting information assets and get a broader picture of how the business uses information by working with business units to document critical business processes.
  • Institute Business Estimates of Cybersecurity Risks: Describe cybersecurity risks in hard-hitting, quantified business terms and integrate these business impact estimates into the risk-advisory process.
  • Establish Business-Centric Risk Assessments: Adopt automated tools for tracking information risks so that business units can take an active hand in identifying danger and mitigating risks and thus assume greater responsibility for security.
  • Set a Course for Evidence-Based Controls Assurance: Develop and document capabilities to amass data that proves the efficacy of controls on a continuous basis.
  • Develop Informed Data Collection Techniques: Set a course for data architecture that can enhance visibility and enrich analytics.

Curry says that instead of thinking of fighting the IT security with battleships blasting away at each other, the reality is that modern IT security more closely resembles submarine warfare. Most of your time is spent patrolling the depths of the Internet, trying to identify potential threats. Once they have been identified, the mission doesn’t necessarily become about eliminating that threat, but rather helping the business to navigate around it.



Add Comment      Leave a comment on this blog post
Jan 10, 2014 12:51 PM oahuwriter oahuwriter  says:
Hi: being a writer I market like crazy! One place I market is facebook. Facebook has emailed me telling me did I login in 2 other locations-I didn't and took the appropriate steps, but the different sites kept logging in even if I changed my password more than twice in two days. So it means that changing password doesn't what I assume spyware is helping the others login even if I change my password-how to remedy this easily and how to ensure that I have a platform to market safely and not go crazy with new passwords every other day is essential. Sad to say I'm user friendliest so the security has to be done with simplicity of a click too. It is nice to know people like you are bridging the gaps if any between the IT world and business world for we need each other. We all need security no matter what. Many are not too informed about the problem to solve it too. We can read 20 articles and understand it more, but business people will concentrate on how to make more profit so you have to be diligent please so there is a permanent bridge to help each other's industries. Thank you so much for everything. Reply

Post a comment

 

 

 

 


(Maximum characters: 1200). You have 1200 characters left.

 

null
null

 

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.