Access member only content, take part in discussions with comments on blogs, news and reviews and receive all the latest security industry news directly to your inbox. Join now for free.
A confirmation email has been sent to your email address - SUPPLIED EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @scmagazine.com.au to your white-listed senders.
IT security needs to be more closely aligned with other corporate security functions, with an individual role co-ordinating and monitoring converged enterprise risk, according to a new benchmarking study by PricewaterhouseCoopers (PwC).
The consultancy firm approached 10 of its FTSE 100 clients with the aim of discovering "what a 21st century security function looks like".
Steve Wright, security and business continuity management leader at PwC, claimed that the results highlight a lack of integration between IT security, and areas of corporate security tasked with fighting counterfeiting, terrorism, bribery, intellectual property infringement and other risks.
In today's climate, criminals are likely to target several vulnerabilities in different vectors to achieve their goals, necessitating "a more joined-up approach" from security and risk teams, the report said.
"There is a silo mentality, in that we commonly find [these problems] all dealt with by different heads of department," said Wright.
"This is not necessarily wrong, but it could be enhanced by someone looking holistically and co-ordinating, and looking at risk over different points."
He added that the recession will force companies to look at this as an area in which they could make significant efficiency gains.
Nick Frost, senior research consultant at the Information Security Forum, argued that insider threats, mobile malware and offshoring are all areas of potential high risk.
"The threat from organised crime is well reported, and most organisations are seeing this increase dramatically with the recession," he said.
Wright added that the combined corporate and IT security function should be focused on business protection through understanding information assets, applying a thorough risk assessment methodology, preparing for business continuity and ensuring adequate resilience.
To begin commenting right away, you can log in below or register an account if you don't yet have one. Please read our guidelines on commenting. Offending posts will be removed and your access may be suspended. Abusive or obscene language will not be tolerated. The comments below do not necessarily reflect the views or opinions of SC Magazine, Haymarket Media or its employees.