HomeIT Management

Security Strategies Must Be Integrated

Steve Durbin
By Steve Durbin
Updated on:

By Steve Durbin

The rapid evolution of technology, in combination with the economic upheaval of the last few years, has caused a massive shift in the security landscape. As a result, businesses are discovering that they have even more limited resources than ever before, all of which must be prioritized to the areas of greatest need or return. The task of determining priorities can be difficult in itself, especially when the imperative is about delivering more for less, both in terms of new investments and existing resources.

These monumental challenges cannot be met by a compartmentalized IT strategy because every piece of the modern enterprise runs on connectivity and data. As IT runs through every department, so must security initiatives. CIOs need to be proactive in promoting and supporting new business based on strong security and business-based risk assessments.

It has become essential for CIOs to connect with the board of directors so they approach new technology and security initiatives with a risk vs. reward mindset. New technologies are often adopted as a way of differentiating an enterprise and gaining an advantage over competitors, but without a robust, cost-benefit-risk analysis, organizations could end up standing out for all the wrong reasons.

Managing information risk is critical for all organizations to deliver their strategies and initiatives—and to reach their goals. Consequently, information risk management is relevant only if it enables an organization to achieve these objectives, ensuring it is well positioned to succeed and is resilient to unexpected events. An organization’s risk management activities—whether coordinated as an enterprise-wide program or at functional levels—must include an assessment of risks to information that could compromise success. Ask the tough questions, such as “If the worst happened, could we honestly tell our customers, partners and regulators that we had done everything that was reasonably expected?”

You Need to Know What Went Wrong

One of security’s primary aims is to prevent negative incidents. However, it’s almost impossible for organizations to avoid such events. While many businesses are good at incident management, fewer have a mature, structured approach for analyzing what went wrong in the first place. As a result, these businesses are incurring unnecessary costs, accepting inappropriate risks and possibly destined to keep repeating their mistakes.

Every organization needs mature incident management capabilities. Without a proper impact assessment, a business doesn’t know the incremental, long-term or intangible costs of a security incident, but those costs affect the bottom line and the brand’s reputation. Without knowing the cost of potential incidents, organizations will continue to misdirect resources, fix symptoms instead of causes and not spend money where it’s most needed to reduce the odds of a major data breach or other security incident.

Most organizations have a limited appetite for investigating security incidents, due in part to the understandable need to get back to business as usual. It is the responsibility of the CIO to ensure this vital security step is not overlooked. Skipping a thorough investigation of an incident means the organization misses a valuable opportunity to learn from it.

Take Stock Before It’s Too Late

Enterprises have varying degrees of control over today’s ever-evolving security threats. Organizations where everyone works together to build a strong defense will most likely thrive despite the immense pressure created by reduced resources, proliferating threats and evolving technologies. New perils arise with the speed and unpredictability of a force of nature—and all businesses are vulnerable to damage. Organizations of all sizes need to ensure today that they are fully prepared and engaged to deal with these ever-emerging security challenges.

About the Author

Steve Durbin is global vice president of the Information Security Forum (ISF). His main areas of focus include the emerging security threat landscape, cyber-security, BYOD, the cloud and social media across both the corporate and personal environments. Previously, he was senior vice president at Gartner. 

To read his previous CIO Insight article, “Security Risks: It’s All About How You Manage Them,” click here.

Previous article
Rethinking Privacy
Next article
Employees Burning Out From a Lack of Work Breaks
Steve Durbin
Steve Durbin

Get the Free Newsletter!

Subscribe to Daily Tech Insider for top news, trends, and analysis.

Latest Articles

Related Articles

CIO Insight offers thought leadership and best practices in the IT security and management industry while providing expert recommendations on software solutions for IT leaders. It is the trusted resource for security professionals who need to maintain regulatory compliance for their teams and organizations. CIO Insight is an ideal website for IT decision makers, systems integrators and administrators, and IT managers to stay informed about emerging technologies, software developments and trends in the IT security and management industry.

Advertisers

Advertise with TechnologyAdvice on CIO Insight and our other IT-focused platforms.

Advertise with Us

Menu

Our Brands

Property of TechnologyAdvice.
© 2022 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.