Security Can Be A Business Enabler

Security Can Be A Business Enabler
by infosecurity
 
Organisations can use security to drive the business forward,an Infosecurity Europe keynote panel says.
Security can be an enabler for a more efficient, and more profitable business. But making security work for the business takes skill. This was the message from the Security as an Enabler panel at Infosecurity Europe 2014, chaired by Peter Wood, CEO of First Base Technology and of member of ISACA's London Chapter security advisory group.
This does, though, require a culture change among both security professionals, and the business. Security professionals can no longer say no, but they also need to advise the business on acceptable levels of risk.
"With the move to the cloud, you have to move away from protecting the castle. You have to protect the data and the applications, and that changes the process", said David Cass, SVP and CISO at Elsevier. "You have to help the business to make money", said Lee Barney, Head of Information Security at the Home Retail Group.
But, said Peter Wood, helping the business means finding security professionals who have business acumen. "It is up to us to find, and nurture, people who want to help the business", he said.
This means engaging with the business, said Michael Colao, Head of Security, Chief Technology Organisation at AXA UK, even if that is a battle the security sector has been fighting for some time. "It means having security professionals prepared to engage with the business", he said.
"They need to answer the questions the business wished it had asked, rather than the questions it actually asked".
Non-security professionals will think in terms of easier access to an online account, rather than biometric or token-based security".
 
Full Article