Information Security and Business Integration


This article can also be found in the Premium Editorial Download "Information Security magazine: Everything you need to know about today's information security trends."

Download it now to read this article plus other related content.

Security professionals can rely on the same models and frameworks used by traditional business to earn a seat at the table.

Information security has evolved in the past 10 years from a siloed, über-secret endeavor to an accepted enterprise business practice. With that evolution, most security practitioners understand that information security and its underlying constructs must be integrated into the business. But the overuse of fear, uncertainty and doubt (FUD), compliance edicts and the wily hacker have undermined the positive impact of information security to the business. In turn, the longevity of some leaders' tenure is also in jeopardy when they are perceived as the local bailiwick rather than a respected and contributing business professional.

How, then, to best ensure that integration? More than trial and error and experience is required; security professionals need to be well versed in information protection stewardship, able to verbalize the tenets of the job to management, and also tap into a knowledge base of economics and business theory to arm themselves with the appropriate toolkit to gain organizational acceptance of their initiatives.

    Requires Free Membership to View

Words to Live By
Here's a guide to the terms and theories that can help you integrate security and business.

Convergence program: The programs and or business departments that require the support of information security and in some cases overlap or provide mutual support (e.g., risk management, physical security, crisis management, etc.).

Macro information security: The business structures and plans that influence and protect the enterprise. Typically, this includes a blueprint, framework, strategic plan, road map, governance and policies.

Micro information security: The technology, controls, countermeasures and tactical solutions employed day-to-day to defend against cyber threats. These are often the outcome of the projects executed through a strategic plan.

Principled information security: Information security that is governed by verbalization of practice and investments, the valuation of investments and validation of effectiveness. The end result is clear visibility to management.

Protection stewards: Those who are accountable for the protection of information assets, as well as the virtual, logical and physical constructs or an organization's information infrastructure.

Protection stewardship: Protection of information assets as well as the virtual, logical and physical constructs that enable an organization to achieve success.

This was first published in July 2008

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: