|
Without knowing the particular business and its environment, it's impossible to make a good judgment call on the wisdom of this change, but keep in mind that any good executive, CISO or otherwise, will change his or her priorities and programs as the overall business priorities change. Also remember that regardless of the economy, compliance is taking on more importance. If the economy continues to worsen and budgets tighten further, a greater proportion of IT departments' time and money will be dedicated to compliance efforts.
Most notable among the various compliance regulations in which organizations have invested significant time and money as of late have been the PCI DSS, HIPAA and SOX. All three regulations have a heavy focus on data protection and mandate that companies demonstrate a working identity management program, so it's not terribly surprising to hear about changes like the ones you are seeing.
The question is, what should you do? My advice is don't worry about what other companies are doing. Rather, talk with your executives about what their current and planned business priorities are, and alter your organization's security programs accordingly. That may mean working on data protection and IAM, but it could also mean working on Web application security or something completely different -- like security awareness training -- or implementing changes to policy and software development processes.
For more information:
|
