Although vendors can have the tendency to present their technology as the silver bullet to solve your data and access management problems, it is only through integrating people, policy, process and technology that you can hope to address such a multi-faceted challenge. Technology should only be a means to an end.
Be it preventing data loss, providing secure remote working, ensuring mobile payment security, applying common policy across diverse platforms, federating data sharing, or assuring end-points and supply chains, a holistic top-down approach is required, rather than a traditional IT-driven bottom-up one.
The organisation’s culture and risk management should determine the expected outcomes, driving the actions required to achieve them. Without getting the buy-in of management, staff and suppliers, and bringing them along on the journey, the so-called silver bullet ends up as ammunition for corporate Russian roulette.
There then needs to be a clear understanding of the policies required to support the organisation’s desired outcomes, aligned with its risk appetite, which translate into the ‘rules’ that should be applied, through process, procedures, or technology. Some risks can also be managed through contracts and insurance.
Only once the above is in place, and there are empowered and trained people in place, who understand the risks and means by which the organisation intends to treat them, can a technical solution be put in place. The solution should consider and address all end-to-end technical and non-technical threats and exposures.
When it comes to choosing technology solutions, don’t shoot yourself in the foot, says Gareth Niblett, Chairman of the BCS Information Security Specialist Group.
FURTHER INFORMATION
Information Security Specialist Group (ISSG): www.bcs-issg.org.uk
Information Risk Management and Assurance Specialist Group: www.bcs.org/groups/irma
BCS Security Community of Expertise (SCoE): www.bcs.org/securitycommunity
doi:10.1093/itnow/bwv037 ©2015 The British Computer Society
Image: iStock/152126875
22 ITNOW June 2015
SILVER BULLET