Five lessons we can learn from financial services and compliance
by Dwayne Melancon - CTO at Tripwire - Wednesday, 5 February 2014.
Security is a prominent part of risk management, and security teams often identify the lion’s share of risk, but it is incumbent on the business to actually accept that risk. Making this risk acceptance process productive means taking your security assessment and articulating it in the context of your risk profile, helping the business understand the key risks, what the consequences of a breach would be, and the cost of the various options to mitigate those risks. Done well, risk management is an enabler for making business decisions, achieving buy-in, and increasing business performance.

Integrate external perspectives into your “world view” of security so you can respond and adapt to changing conditions outside of your organisation’s direct control.

Businesses have traditionally focused more on availability, because it is easier to achieve and measure than compliance, leaving security as an afterthought.

While it was easier to put IT in the back room and ignore it in the past, IT now forms a key part of your business. As more businesses have to deal with compliance, and as more non-technical business leaders are exposed to data breaches and denial of service attacks through the media, this conversation is becoming easier.

Information security is increasingly recognised as being part of what makes a business work. To emphasise this fact, don’t dwell on internal issues specific to IT. Rather, highlight incidents happening to your peers and competitors, focusing the discussion on “what if this happened to us?” and drive a deliberate strategy for how your business will manage the risk. That changes the tone of the discussion and recasts the role IT has within the business.
