Austerity was the defining principle for investment and operations during the past two years.
Professionals were challenged to do more with less and some functions were put on life support. Information security and other risk-management disciplines had to operate with fewer resources and more demands for success.
Information security professionals learned to adapt and be flexible to keep up with technology, reduced workforces and changing business operations.
Securing organisations with a skeleton staff has been quite a challenge, and yet many security leaders have managed to accomplish the seemingly impossible. By weathering the storm we have proven that the initial investment in security infrastructure is sufficient to protect the enterprise.
The latest reports from financial pundits state that the recession is over and investment and spending will once again be the hallmark of successful organizations. The question on the minds of information security leaders is whether funds will be directed into their budgets.
Have we, by doing a great job while operating on a bare-bones budget, sounded our own death knell? How can security leaders ask for budget increases when we have demonstrated that we can manage to keep our organizations secure with less investment than we traditionally demanded?
It is incumbent on the astute security leader to craft a business case for investment in security products and solutions that will keep pace with the advances in technology that continue to sweep the nation.
The FUD (fear, uncertainty and doubt) principles no longer apply. We need to devise a new business case for advancing the contributions that information security can make to organisations. The concept of return-on-investment needs to be retired and replaced by the concept of “cost of doing business”.
Information security leaders have the unique opportunity to integrate security controls into each and every aspect of newly evolving business operations. The change needs to focus not on technology but rather on culture. By emphasising the importance of early integration of security into the organization's operating model, a business case can be made supporting additional investment for security.
The landscape for security professionals is still slippery. A prudent and conservative approach to increasing security investment may be more successful than demanding that things go back to the way they were.
The new security leader will be a hybrid of technology savvy and business savvy. Speaking the language of the business leaders who control the coffers will ultimately serve the organisation and its stakeholders better than the traditional approach used for decades.
This article originally appeared at scmagazineus.com