Although vendors can have the tendency to present their technology as the silver bullet to solve your data and access management problems, it is only through integrating people, policy, process and technology that you can hope to address such a multi-faceted challenge. Technology should only be a means to an end.

Be it preventing data loss, providing secure remote working, ensuring mobile payment security, applying common policy

across diverse platforms, federating data sharing, or assuring end-points and supply chains, a holistic top-down approach is required, rather than a traditional IT-driven bottom-up one.

The organisation’s culture and risk management should determine the expected outcomes, driving the actions required to achieve them. Without getting the buy-in of management, staff and suppliers, and bringing along the journey, the so-called silver-bullet ends up as ammunition for corporate Russian roulette.

There then needs to be a clear understanding of the policies required to support the organisation’s desired outcomes, aligned with its risk appetite, which translate into the ‘rules’ that should be applied, through process, procedures, or technology. Some risks can also be managed through contracts and insurance.

Only once the above is in place, and

INFORMATION SECURITY

there are empowered and trained people in place, who understand the risks and means by which the organisation intends to treat them, can a technical solution be put in place. The solution should consider and address all end-to-end technical and non-technical threats and exposures.

When it comes to choosing technology solutions, don’t shoot yourself in the foot says Gareth Niblett, Chairman of the BCS Information Security Specialist Group.

Information Security Specialist Group (ISSG):www.bcs-issg.org.uk

Information Risk Management and Assurance Specialist Group:www.bcs.org/groups/irma

BCS Security Community of Expertise (SCoE):www.bcs.org/securitycommunity

FURTHER INFORMATION

doi:1

0.10

93/i

tnow

/bw

v037

©20

15 T

he B

ritis

h Co

mpu

ter

Soci

ety

Imag

e: iS

tock

/152

1268

75

22 ITNOW June 2015

SILVERBULLET

that your ENTIRE ORGANISATION is secure.It takes a FULLY TRAINED TEAM to ensure

Download to learn more.cert.isc2.org/infosecpros

INSPIRING A SAFE AND SECURE CYBER WORLD.

IT pros with informationsecurity skills have neverbeen more in demand.

Security isn’t just theresponsibility of informationsecurity leaders.

022-itnow-jun15-secintro.indd 2 06/05/2015 15:26:31