IT security fears stifling business innovation
Posted on 02 October 2008.
Commissioned by RSA, an IDC survey of nearly 200 top business executives and security professionals showed that the majority of organizations believe creating an environment ideal for innovation is critical to staying ahead of the competition. However, survey respondents revealed that in spite of their best intentions, IT security risk is impeding business innovation. In fact, 80 percent of those surveyed, admitted that their organizations have backed away from new innovation opportunities because of information security concerns.

IDC also found that although 80 percent of CEOs believe their security teams are being held formally accountable for their contributions to business growth and innovation, only 44 percent of security leaders believe they are being measured on their contributions to innovation. This finding points to a surprising lack of alignment between the expectations of C-level management and the priorities of security professionals.

While the need to link IT security strategies directly to business goals is a widely-recognized imperative, only 21 percent of respondents believe their organizations have successfully made the transition to an approach that is proactive and business-aligned, and enables rather than impedes innovation.

RSA also today released the latest report from the Security for Business Innovation Council, which is comprised of 10 of the top minds in information security from some of the largest companies in the world. This report explores why legacy methods of evaluating information security risk don't work in today's connected world, in which any new business innovation inherently carries some level of risk to information.

In this landscape, the security focus must move from solely mitigating risk to also maximizing business reward. Based on the collective best practices of these leading security executives, the report offers a blueprint for making risk/reward calculations that help drive business value, and ensure they are executed and governed for enterprise success.

As a critical starting point, the Council report recommends some key shifts in organizational thinking and behavior including:

1. Move the security team's focus from "Information Security" to "Information Risk Management" to signal that the goal is to achieve an acceptable level of risk;
2. Use a cross-organizational approach to understand and formalize the enterprise's risk appetite;
3. Build a risk assumption model to delineate where and with whom risk decision responsibilities lie; and
4. Create a repeatable, step by step process, for making risk/reward calculations for new business initiatives and ensure it is rolled out across the organization.





Spotlight

Review: Bulletproof SSL and TLS

Posted on 12 September 2014.  |  Deploying SSL or TLS in a secure way is a great challenge for system administrators. This book aims to simplify that challenge by offering extensive knowledge and good advice - all in one place.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Mon, Sep 15th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //