Proactive Security Management - “The next BIG focus“

IT Trends and challenges:

World is becoming Instrumental, Interconnected and Intelligent. IT security teams in enterprises are faced with rapidly mutating threats at every possible point of entry. This is fuelled by the fast evolution of threat landscape and sea of changes in network and security architecture.

  • Changing network paradigm
  • Network has taken center stage – Wired or wire-free
  • Excitement starts from data center
  • BIG data – A true differentiators
  • 100% up-time
  • BYOD demand
  • Rapidly mutating threats
  • Roll out new services

 

TRENDS

PC era                                    Cloud era / Visualization

Deploy -                                 Deliver

Lock-in –                               Option

Rigid –                                   Elastic

Fixed cost –                           Variable

Complex –                              Simple

Simply summaries as Evolution VS Revolution. This underlines today’s situation Security is no longer optional.

(Read more: Concept note - CISO Recommendation Index- A community based product rating framework)


At the same time let us look at what business wants?

  • RoI – Or more than that
  • Aligned with IT (and Finance)
  • Technology updates
  • Skill set
  • Capex VS Opex
  • Tangent VS in-tangent

Now and into the future

So, what is stored for IT?

The challenge – Stability VS growth

Every improvement is a change, which calls for change management. It calls for a Strategic case:

  1. Necessitating
  2. Different potential
  3. Can we afford?
  4. What is the main driver?

If it is unplanned, it may end up in RoNReturn on Negligence. It becomes important for measuring IT Savvy. By using newer gadgets at different levels, it is improper to consider as IT Savvy organisation. Better to consider other points as well to quantify.

  1. Internal and external communication
  2. Internet use
  3. Digital transaction
  4. Organisation-wide IT Skills and Cyber (Law) awareness
  5. Business management – Involvement
  6. Compliance
  7. Certification
  8. Indian (Country Specific) context
  9. Roll back – What sort of data and when? – Basically point to RISK management
  10. Data recovery

(Read more:  Top 5 Application Security Technology Trends)

Myth:

  • “IT” is at the heart of organisational identity
  • We are good at what we are doing.  (But needs lots of muscle..!)
  • Data Driven or intuitive
  • Allocation of capital and manage risk in a policy manual
  • Shared services and Process integration method
  • Global sourcing with SLAs.

One needs to enhance INFOSEC department with capability for different level of services and appropriate timely training. To lead the way, need security management tools that give continuous visibility into network; non-disruptive ways to proactively assess the risk of attacks. Allow to handle intelligent, actionable security recommendations. This is to make existing defences more effective at minimising vulnerabilities and risk.

Organisations typically maintain large application estates to power the business. It is well known fact that applications represent one of the most vulnerable channels. Therefore, organisations require an experienced security team with a core understanding of how to deal with application environment and project to the management.

Latest trend is so horrible, firewalls; IPS, gateways and Antivirus solutions are nearly defenceless against new threats like Advanced Targeted Attacks. Every organisation is at risk to this next generation of threat. By assessing “callback” information one can begin to take more realistic look at the threats, organisation will likely face, and the steps needed to guard against those attacks.

More:  Want to be an author? Nominations open for co-authors of CISO Handbook    

 

 

Views: 243

Join the Discussion ...

You need to be a member of CISO Platform to join the discussion!

Join CISO Platform

© 2019   Created by CISO Platform.   Powered by

Badges  |  Report an Issue  |  Privacy Policy  |  Terms of Service