A group of security experts, the SBIC (Security for Business Innovation Council) has recently published a guide on strengthening security teams facing advanced threats such as cybercrime, insider threats and hacktivism. The purpose of this guide is to help companies appropriately manage the IT risks they face.
The information security mission has evolved; it is no longer simply represented by the implementation and operation of security controls. Indeed, its mandate must also include activities focused on business, such as the analysis of business risks, the value of assets, the integrity of the supply chain, the analysis of data security, process optimization, etc. Furthermore, technical expertise in information security should be developed and kept up to date in order to understand and protect against these new threats, which are often increasingly complex.
The guide provides seven recommendations, as follows:
- Redefine and strengthen core competencies
- Delegate routine operations
- Enlist the services of experts
- Guide risk owners in risk management
- Hire process optimization specialists
- Build key relationships
- Think outside the box for future expertise
Information security teams are evolving to meet the growing demands created by business environment challenges, various threats as well as regulations. Security awareness should not be done in silos; it requires a collaborative effort within the organization.
An effective security team must have a good understanding of the business processes as well as the importance of the appropriate security processes that must be implemented in order to fulfill its mandate.
For more information on the SC Magazine article and the guide developed by SBIC, please click on the following links:
https://www.emc.com/collateral/white-papers/h12227-rsa-designing-state-of-the-art-extended-team.pdf