|
Security professionals can rely on the same models and frameworks used by traditional business to earn a seat at the table.
Information security has evolved in the past 10 years from a siloed, über-secret endeavor to an accepted enterprise business practice. With that evolution, most security practitioners understand that information security and its underlying constructs must be integrated into the business. But the overuse of fear, uncertainty and doubt (FUD), compliance edicts and the wily hacker have undermined the positive impact of information security to the business. In turn, the longevity of some leaders' tenure is also in jeopardy when they are perceived as the local bailiwick rather than a respected and contributing business professional.
How, then, to best ensure that integration? More than trial and error and experience is required; security professionals need to be well versed in information protection stewardship, able to verbalize the tenets of the job to management, and also tap into a knowledge base of economics and business theory to arm themselves with the appropriate toolkit to gain organizational acceptance of their initiatives.
[IMAGE] [IMAGE] [IMAGE] [IMAGE]
[IMAGE] [IMAGE] [IMAGE] [IMAGE]
[IMAGE] [IMAGE] Words to Live By
[IMAGE]
[IMAGE] [IMAGE] [IMAGE] [IMAGE]
[IMAGE]
[IMAGE] [IMAGE] [IMAGE] [IMAGE]
Here's a gu...
To continue reading for free, register below or login
To read more you must become a member of SearchSecurity.com
ide to the terms and theories that can help you integrate security and business.
Convergence program: The programs and or business departments that require the support of information security and in some cases overlap or provide mutual support (e.g., risk management, physical security, crisis management, etc.).
Macro information security: The business structures and plans that influence and protect the enterprise. Typically, this includes a blueprint, framework, strategic plan, road map, governance and policies.
Micro information security: The technology, controls, countermeasures and tactical solutions employed day-to-day to defend against cyber threats. These are often the outcome of the projects executed through a strategic plan.
Principled information security: Information security that is governed by verbalization of practice and investments, the valuation of investments and validation of effectiveness. The end result is clear visibility to management.
Protection stewards: Those who are accountable for the protection of information assets, as well as the virtual, logical and physical constructs or an organization's information infrastructure.
Protection stewardship: Protection of information assets as well as the virtual, logical and physical constructs that enable an organization to achieve success.
[IMAGE]
[IMAGE] [IMAGE] [IMAGE] [IMAGE]
[IMAGE]
[IMAGE]
|
 |
|
