Browse archive

Latest news

The security of WordPress plugins

How to detect hidden administrator apps on Android

Key obstacles to effective IT security strategies

CyanogenMod founder aims to thwart data-grabbing apps

Businesses not fully implementing infosec programs

Is accessing work apps on the move destructive?

Microsoft releases Enhanced Mitigation Experience Toolkit 4.0

New regulation for ENISA, the EU cybersecurity agency

F-Secure advances fight against exploits

Free anti-spam software for the Mac

Information security executives need to be strategic thinkers

U.S. tech companies sharing bug info with U.S. govt before releasing fixes

Account takeover attempts have nearly doubled

It takes 10 hours to identify a security breach

Guccifer hacks U.S. nuclear security agency chief

British GCHQ spied on G20 delegates to gain advantage in talks

Hacking charge stations for electric cars

IT security fears stifling business innovation

Posted on 02 October 2008.

Commissioned by RSA, an IDC survey of nearly 200 top business executives and security professionals showed that the majority of organizations believe creating an environment ideal for innovation is critical to staying ahead of the competition. However, survey respondents revealed that in spite of their best intentions, IT security risk is impeding business innovation. In fact, 80 percent of those surveyed, admitted that their organizations have backed away from new innovation opportunities because of information security concerns.

IDC also found that although 80 percent of CEOs believe their security teams are being held formally accountable for their contributions to business growth and innovation, only 44 percent of security leaders believe they are being measured on their contributions to innovation. This finding points to a surprising lack of alignment between the expectations of C-level management and the priorities of security professionals.

While the need to link IT security strategies directly to business goals is a widely-recognized imperative, only 21 percent of respondents believe their organizations have successfully made the transition to an approach that is proactive and business-aligned, and enables rather than impedes innovation.

RSA also today released the latest report from the Security for Business Innovation Council, which is comprised of 10 of the top minds in information security from some of the largest companies in the world. This report explores why legacy methods of evaluating information security risk don't work in today's connected world, in which any new business innovation inherently carries some level of risk to information.

In this landscape, the security focus must move from solely mitigating risk to also maximizing business reward. Based on the collective best practices of these leading security executives, the report offers a blueprint for making risk/reward calculations that help drive business value, and ensure they are executed and governed for enterprise success.

As a critical starting point, the Council report recommends some key shifts in organizational thinking and behavior including:

1. Move the security team's focus from "Information Security" to "Information Risk Management" to signal that the goal is to achieve an acceptable level of risk;
2. Use a cross-organizational approach to understand and formalize the enterprise's risk appetite;
3. Build a risk assumption model to delineate where and with whom risk decision responsibilities lie; and
4. Create a repeatable, step by step process, for making risk/reward calculations for new business initiatives and ensure it is rolled out across the organization.