All of a sudden this month the security implications of the “power to the people” revolution are coming into focus. More and more Ask an Expert research queries from client security teams are centering on securing one of three new security vectors:
- Unsanctioned, personal wireless devices (e.g., smartphones) accessing network assets of all types. POPing email is the most common; sensitive asset access the most concerning.
- Workers using social networking resources on company time, for what they deem appropriate job-related reasons.
- Rogue cloud computing applications that are being requisitioned by well-intentioned business unit managers “because it’s so easy and cheap.”
We recently completed the one-day gathering of members participating in our Security Maturity Benchmarking study, and it was quite the eye-opener.
- Benchmarking your team’s maturity against relevant peers is viewed by CISOs as the best way to make the resource/budget case with senior management
- High-performing IT security teams have adopted a “service delivery” model internally to accurately reflect to business units the value of security
- The optimal organization structure chosen by high-performing IT security teams is a small centralized operation (SOC) with dotted-line reports out in the operating divisions. These agents live inside the business, but enforce the standards set by central command.
Finally, we’re seeing a stronger and stronger interest in the GRC (Governance, Risk & Compliance) space as more CISOs are seeking a true risk management measurement tool to centralize the view of organizational risk.
We’ll host an Interactive Phone Conference on the topic on August 6.