A Little Ingenuity
Information Security magazine, June issue



By KELLEY DAMORE
Believe it or not, there is a silver lining to the recession. It forces organizations to think creatively about problems, use tools for tasks beyond their intended purpose, and foster relationships they may not have had in the past. This month's issue offers two such examples.

The first example centers on the integration of physical and logical security. While the benefits have been talked about for years, culture clashes and ownership issues have limited its widespread adoption. (See "A Sustainable Relationship" by Michael Mimoso.)

But in a world of cost cutting and increased scrutiny of ROI, some organizations are bringing the two groups together successfully. It is worth noting that physical and logical security people have the same concerns: protecting assets, ferreting out malicious insiders and managing risk. What's more, their worlds are colliding as much of the physical security infrastructure has become IP-based.

Desperation is a powerful tool. It can actually force people to look beyond preconceived notions and topple established silos. Face it, IT and IS managers are overwhelmed by the multitude of technology and operational tasks that they are accountable for. In an environment of reduced budgets and headcount, the task becomes even more untenable.

James Connor, Principal of N2N Secure, a consulting company that works with organizations to meld physical and logical security, sees barriers breaking down and people being more receptive to working together these days.

"Before the downturn we saw a lot of fighting," around ownership issues over processes and responsibilities, Connor says. "When faced with cost cutting, people are more receptive."

More from the June issue
SIMs: More Than a Pile of Logs: They've come a long way from the early days of log aggregation and correlation; enterprises now glean value from SIMs for compliance, visualization, and even overall business intelligence.
A Method[ology] to the Madness: One security professional describes a homegrown risk methodology currently being used by a large university and a private corporation.
A Sustainable Relationship: If your organization is serious about managing risk and total asset protection, then physical-logical convergence is a necessary step.
Cloud Confusion: Vendors are loosely using the term cloud computing, and it's causing confusion for users in the market for buying and securing these services.
Perspectives: Tread Carefully into the Cloud: Cloud computing carries risks that enterprises need to weigh before they forge ahead.
A Little Ingenuity: The economy is forcing organizations to be more resourceful and bury the hatchet. And that's a good thing.

Connor believes that policy is the most powerful tool. "You need to get the policy right and the stakeholders right. Then the technology comes in," he says. Streamlining processes becomes a powerful argument that can be conveyed to upper management.

Melding processes is what made Greg Jodry successful in his position as director of business and asset protection at Yahoo! As Jodry explained at the RSA conference in April, he just wanted his team to be invited to the table when it came to IT security.

Since many of Yahoo!'s assets reside in servers in data centers, he offered up his security team to do audits of the vaults where the customer information is housed. This offer played on his team's strengths and has allowed him to foster a strong working relationship with the IT security folks. His mission was accomplished: he now has a seat at the table.

These two examples illustrate how partnerships can work. I would encourage you to think about potential allies or former "frienemies" and see how you can work together, combine budgets on certain projects and utilize their talents to help you achieve your goals. It may open doors you never considered before.

A second example of ingenuity comes from our story "A Method[ology] to the Madness" by Cris V. Ewell. This story explains a homegrown risk methodology that had its roots in a Ph.D. risk management course at Nova Southeastern University and is now fully implemented at a private corporation and the University of Washington. We are grateful that they wanted to share their framework with others in the information security field.

If you have any success stories or tools that have helped you weather the storm, please send them to us. We're all in this together.

Kelley Damore is Editorial Director of Information Security and TechTarget's Security Media Group. Send comments on this column to feedback@infosecuritymag.com.

This was first published in June 2009
