Integration of Information Security and Business - Information Security Magazine - Page 1

Information Security and Business Integration

Security professionals can rely on the same models and frameworks used by traditional business to earn a seat at the table.


Information security has evolved in the past 10 years from a siloed, über-secret endeavor to an accepted enterprise business practice. With that evolution, most security practitioners understand that information security and its underlying constructs must be integrated into the business. But the overuse of fear, uncertainty and doubt (FUD), compliance edicts and the wily hacker have undermined the positive impact of information security to the business. In turn, the longevity of some leaders' tenure is also in jeopardy when they are perceived as the local bailiwick rather than a respected and contributing business professional.

How, then, to best ensure that integration? More than trial and error and experience is required; security professionals need to be well versed in information protection stewardship, able to verbalize the tenets of the job to management, and also tap into a knowledge base of economics and business theory to arm themselves with the appropriate toolkit to gain organizational acceptance of their initiatives.


    Requires Free Membership to View

    Login

    SearchSecurity.com members gain immediate and unlimited access to breaking industry news, virus alerts, new hacker threats, highly focused security newsletters, and more -- all at no cost. Join me on SearchSecurity.com today!

    Michael S. Mimoso, Editorial Director

    By submitting your registration information to SearchSecurity.com you agree to receive email communications from TechTarget and TechTarget partners. We encourage you to read our Privacy Policy which contains important disclosures about how we collect and use your registration and other information. If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States. Your use of SearchSecurity.com is governed by our Terms of Use. You may contact us at webmaster@TechTarget.com.
Words to Live By
Here's a guide to the terms and theories that can help you integrate security and business.

Convergence program: The programs and or business departments that require the support of information security and in some cases overlap or provide mutual support (e.g., risk management, physical security, crisis management, etc.).

Macro information security: The business structures and plans that influence and protect the enterprise. Typically, this includes a blueprint, framework, strategic plan, road map, governance and policies.

Micro information security: The technology, controls, countermeasures and tactical solutions employed day-to-day to defend against cyber threats. These are often the outcome of the projects executed through a strategic plan.

Principled information security: Information security that is governed by verbalization of practice and investments, the valuation of investments and validation of effectiveness. The end result is clear visibility to management.

Protection stewards: Those who are accountable for the protection of information assets, as well as the virtual, logical and physical constructs or an organization's information infrastructure.

Protection stewardship: Protection of information assets as well as the virtual, logical and physical constructs that enable an organization to achieve success.

This was first published in July 2008