SlideShare ist ein Scribd-Unternehmen logo

BCS ITNow 201506 - Silver Bullet

Gareth Niblett
Gareth Niblett

A holistic top-down approach is needed to address data and access management challenges, rather than relying on technology alone or a traditional bottom-up IT approach. An organization's culture and risk appetite should determine expected outcomes, which then define the policies, processes, procedures and technology solutions required. Only after empowering and training people can a technical solution be implemented to consider all end-to-end threats while aligning with the organization's desired outcomes and risk management strategy.

Technologie
1 von 1
Downloaden Sie, um offline zu lesen
Although vendors can have the tendency to present their technology as the silver bullet to solve your data and access management problems, it is only through integrating people, policy, process and technology that you can hope to address such a multi-faceted challenge. Technology should only be a means to an end. Be it preventing data loss, providing secure remote working, ensuring mobile payment security, applying common policy across diverse platforms, federating data sharing, or assuring end-points and supply chains, a holistic top-down approach is required, rather than a traditional IT-driven bottom-up one. The organisation’s culture and risk management should determine the expected outcomes, driving the actions required to achieve them. Without getting the buy-in of management, staff and suppliers, and bringing along the journey, the so-called silver-bullet ends up as ammunition for corporate Russian roulette. There then needs to be a clear understanding of the policies required to support the organisation’s desired outcomes, aligned with its risk appetite, which translate into the ‘rules’ that should be applied, through process, procedures, or technology. Some risks can also be managed through contracts and insurance. Only once the above is in place, and INFORMATION SECURITY there are empowered and trained people in place, who understand the risks and means by which the organisation intends to treat them, can a technical solution be put in place. The solution should consider and address all end-to-end technical and non-technical threats and exposures. When it comes to choosing technology solutions, don’t shoot yourself in the foot says Gareth Niblett, Chairman of the BCS Information Security Specialist Group. Information Security Specialist Group (ISSG): www.bcs-issg.org.uk Information Risk Management and Assurance Specialist Group: www.bcs.org/groups/irma BCS Security Community of Expertise (SCoE): www.bcs.org/securitycommunity FURTHER INFORMATION doi:10.1093/itnow/bwv037©2015TheBritishComputerSocietyImage:iStock/152126875 22 ITNOW June 2015 SILVER BULLET that your ENTIRE ORGANISATION is secure. It takes a FULLY TRAINED TEAM to ensure Download to learn more.cert.isc2.org/infosecpros INSPIRING A SAFE AND SECURE CYBER WORLD. IT pros with information security skills have never been more in demand. Security isn’t just the responsibility of information security leaders.

Empfohlen

CEOs leading Recovery from Cyber Attack
CEOs leading Recovery from Cyber AttackCEOs leading Recovery from Cyber Attack
CEOs leading Recovery from Cyber Attack
Kevin Duffey
 
Cyber Recovery - Legal Toolkit
Cyber Recovery - Legal ToolkitCyber Recovery - Legal Toolkit
Cyber Recovery - Legal Toolkit
Kevin Duffey
 
Strategies for cyber resilience - Everyone has a Role
Strategies for cyber resilience - Everyone has a RoleStrategies for cyber resilience - Everyone has a Role
Strategies for cyber resilience - Everyone has a Role
Kevin Duffey
 
Business Continuity requires a Security Architecture to reduce risk and cost
Business Continuity requires a Security Architecture to reduce risk and costBusiness Continuity requires a Security Architecture to reduce risk and cost
Business Continuity requires a Security Architecture to reduce risk and cost
PECB
 
BBOX Business Risk
BBOX Business RiskBBOX Business Risk
BBOX Business Risk
Brad Foster
 
Social Engineering the CEO
Social Engineering the CEOSocial Engineering the CEO
Social Engineering the CEO
Kevin Duffey
 
Indusrty Strategy For Action
Indusrty Strategy For ActionIndusrty Strategy For Action
Indusrty Strategy For Action
Barry Greene
 
Dwight Koop's Chicago ECFT talk "The Chicago School of Cybersecurity Thinking...
Dwight Koop's Chicago ECFT talk "The Chicago School of Cybersecurity Thinking...Dwight Koop's Chicago ECFT talk "The Chicago School of Cybersecurity Thinking...
Dwight Koop's Chicago ECFT talk "The Chicago School of Cybersecurity Thinking...
Cohesive Networks
 

Empfohlen

CEOs leading Recovery from Cyber Attack
CEOs leading Recovery from Cyber AttackCEOs leading Recovery from Cyber Attack
CEOs leading Recovery from Cyber Attack
Kevin Duffey
 
Cyber Recovery - Legal Toolkit
Cyber Recovery - Legal ToolkitCyber Recovery - Legal Toolkit
Cyber Recovery - Legal Toolkit
Kevin Duffey
 
Strategies for cyber resilience - Everyone has a Role
Strategies for cyber resilience - Everyone has a RoleStrategies for cyber resilience - Everyone has a Role
Strategies for cyber resilience - Everyone has a Role
Kevin Duffey
 
Business Continuity requires a Security Architecture to reduce risk and cost
Business Continuity requires a Security Architecture to reduce risk and costBusiness Continuity requires a Security Architecture to reduce risk and cost
Business Continuity requires a Security Architecture to reduce risk and cost
PECB
 
BBOX Business Risk
BBOX Business RiskBBOX Business Risk
BBOX Business Risk
Brad Foster
 
Social Engineering the CEO
Social Engineering the CEOSocial Engineering the CEO
Social Engineering the CEO
Kevin Duffey
 
Indusrty Strategy For Action
Indusrty Strategy For ActionIndusrty Strategy For Action
Indusrty Strategy For Action
Barry Greene
 
Dwight Koop's Chicago ECFT talk "The Chicago School of Cybersecurity Thinking...
Dwight Koop's Chicago ECFT talk "The Chicago School of Cybersecurity Thinking...Dwight Koop's Chicago ECFT talk "The Chicago School of Cybersecurity Thinking...
Dwight Koop's Chicago ECFT talk "The Chicago School of Cybersecurity Thinking...
Cohesive Networks
 
What CIOs and CFOs Need to Know About Cyber Security
What CIOs and CFOs Need to Know About Cyber SecurityWhat CIOs and CFOs Need to Know About Cyber Security
What CIOs and CFOs Need to Know About Cyber Security
Phil Agcaoili
 
Be Angry - why CEOs should join the coalition against cyber crime
Be Angry - why CEOs should join the coalition against cyber crimeBe Angry - why CEOs should join the coalition against cyber crime
Be Angry - why CEOs should join the coalition against cyber crime
Kevin Duffey
 
Cyber Heroes of tomorrow's world
Cyber Heroes of tomorrow's worldCyber Heroes of tomorrow's world
Cyber Heroes of tomorrow's world
Kevin Duffey
 
Best cybersecurity services for organizations
Best cybersecurity services for organizationsBest cybersecurity services for organizations
Best cybersecurity services for organizations
wilsonconsulting1
 
Brochure - About Rook
Brochure - About RookBrochure - About Rook
Brochure - About Rook
Julie Brown, CPMM
 
Wilson Consulting Group
Wilson Consulting GroupWilson Consulting Group
Wilson Consulting Group
wilsonconsulting1
 
Cyber risk trends in 2015
Cyber risk trends in 2015Cyber risk trends in 2015
Cyber risk trends in 2015
Wynyard Group
 
How to make managed services work
How to make managed services workHow to make managed services work
How to make managed services work
Jacklyn Johnson
 
CSA LATAM FORUM - NETSKOPE
CSA LATAM FORUM - NETSKOPECSA LATAM FORUM - NETSKOPE
CSA LATAM FORUM - NETSKOPE
CSA Argentina
 
Security and Risk Mitigation
Security and Risk MitigationSecurity and Risk Mitigation
Security and Risk Mitigation
haydenchamber
 
When network security is not enough
When network security is not enoughWhen network security is not enough
When network security is not enough
DATA SECURITY SOLUTIONS
 
ATOS: Preparing your business to manage cyber incidents
ATOS: Preparing your business to manage cyber incidentsATOS: Preparing your business to manage cyber incidents
ATOS: Preparing your business to manage cyber incidents
bcilondonforum
 
Towards a Digital teammate to support sensemaking in Cyber Security teams
Towards a Digital teammate to support sensemaking in Cyber Security teamsTowards a Digital teammate to support sensemaking in Cyber Security teams
Towards a Digital teammate to support sensemaking in Cyber Security teams
Rick van der Kleij
 
Etherisc at the Ethereum Meetup Vienna 20 March 2017 (Part 1)
Etherisc at the Ethereum Meetup Vienna 20 March 2017 (Part 1)Etherisc at the Ethereum Meetup Vienna 20 March 2017 (Part 1)
Etherisc at the Ethereum Meetup Vienna 20 March 2017 (Part 1)
Stephan Karpischek
 
2018 IDG Security Priorities Infographic
2018 IDG Security Priorities Infographic2018 IDG Security Priorities Infographic
2018 IDG Security Priorities Infographic
IDG
 
FINTECH, CYBERSECURITY AND BUSINESS READINESS
FINTECH, CYBERSECURITY AND BUSINESS READINESS FINTECH, CYBERSECURITY AND BUSINESS READINESS
FINTECH, CYBERSECURITY AND BUSINESS READINESS
Andrew_Goss
 
10 Tips for CIOs - Data Security in the Cloud
10 Tips for CIOs - Data Security in the Cloud10 Tips for CIOs - Data Security in the Cloud
10 Tips for CIOs - Data Security in the Cloud
Peak 10
 
Gary Sheehan - Winning a Battle Doesn't Mean We Are Winning the War
Gary Sheehan - Winning a Battle Doesn't Mean We Are Winning the WarGary Sheehan - Winning a Battle Doesn't Mean We Are Winning the War
Gary Sheehan - Winning a Battle Doesn't Mean We Are Winning the War
centralohioissa
 
Preparing for a media crisis
Preparing for a media crisisPreparing for a media crisis
Preparing for a media crisis
Fiona Austin
 
FinTech Belgium – Fintech Belgium MeetUp on Cybersecurity – F.Lecocq – Digitr...
FinTech Belgium – Fintech Belgium MeetUp on Cybersecurity – F.Lecocq – Digitr...FinTech Belgium – Fintech Belgium MeetUp on Cybersecurity – F.Lecocq – Digitr...
FinTech Belgium – Fintech Belgium MeetUp on Cybersecurity – F.Lecocq – Digitr...
FinTech Belgium
 
BCS ITNow 201309 - Holistic Security
BCS ITNow 201309 - Holistic SecurityBCS ITNow 201309 - Holistic Security
BCS ITNow 201309 - Holistic Security
Gareth Niblett
 
Security Strategies for Success
Security Strategies for SuccessSecurity Strategies for Success
Security Strategies for Success
Citrix
 

Weitere ähnliche Inhalte

Was ist angesagt?

Was ist angesagt? (20)

What CIOs and CFOs Need to Know About Cyber Security
What CIOs and CFOs Need to Know About Cyber SecurityWhat CIOs and CFOs Need to Know About Cyber Security
What CIOs and CFOs Need to Know About Cyber Security
 
Be Angry - why CEOs should join the coalition against cyber crime
Be Angry - why CEOs should join the coalition against cyber crimeBe Angry - why CEOs should join the coalition against cyber crime
Be Angry - why CEOs should join the coalition against cyber crime
 
Cyber Heroes of tomorrow's world
Cyber Heroes of tomorrow's worldCyber Heroes of tomorrow's world
Cyber Heroes of tomorrow's world
 
Best cybersecurity services for organizations
Best cybersecurity services for organizationsBest cybersecurity services for organizations
Best cybersecurity services for organizations
 
Brochure - About Rook
Brochure - About RookBrochure - About Rook
Brochure - About Rook
 
Wilson Consulting Group
Wilson Consulting GroupWilson Consulting Group
Wilson Consulting Group
 
Cyber risk trends in 2015
Cyber risk trends in 2015Cyber risk trends in 2015
Cyber risk trends in 2015
 
How to make managed services work
How to make managed services workHow to make managed services work
How to make managed services work
 
CSA LATAM FORUM - NETSKOPE
CSA LATAM FORUM - NETSKOPECSA LATAM FORUM - NETSKOPE
CSA LATAM FORUM - NETSKOPE
 
Security and Risk Mitigation
Security and Risk MitigationSecurity and Risk Mitigation
Security and Risk Mitigation
 
When network security is not enough
When network security is not enoughWhen network security is not enough
When network security is not enough
 
ATOS: Preparing your business to manage cyber incidents
ATOS: Preparing your business to manage cyber incidentsATOS: Preparing your business to manage cyber incidents
ATOS: Preparing your business to manage cyber incidents
 
Towards a Digital teammate to support sensemaking in Cyber Security teams
Towards a Digital teammate to support sensemaking in Cyber Security teamsTowards a Digital teammate to support sensemaking in Cyber Security teams
Towards a Digital teammate to support sensemaking in Cyber Security teams
 
Etherisc at the Ethereum Meetup Vienna 20 March 2017 (Part 1)
Etherisc at the Ethereum Meetup Vienna 20 March 2017 (Part 1)Etherisc at the Ethereum Meetup Vienna 20 March 2017 (Part 1)
Etherisc at the Ethereum Meetup Vienna 20 March 2017 (Part 1)
 
2018 IDG Security Priorities Infographic
2018 IDG Security Priorities Infographic2018 IDG Security Priorities Infographic
2018 IDG Security Priorities Infographic
 
FINTECH, CYBERSECURITY AND BUSINESS READINESS
FINTECH, CYBERSECURITY AND BUSINESS READINESS FINTECH, CYBERSECURITY AND BUSINESS READINESS
FINTECH, CYBERSECURITY AND BUSINESS READINESS
 
10 Tips for CIOs - Data Security in the Cloud
10 Tips for CIOs - Data Security in the Cloud10 Tips for CIOs - Data Security in the Cloud
10 Tips for CIOs - Data Security in the Cloud
 
Gary Sheehan - Winning a Battle Doesn't Mean We Are Winning the War
Gary Sheehan - Winning a Battle Doesn't Mean We Are Winning the WarGary Sheehan - Winning a Battle Doesn't Mean We Are Winning the War
Gary Sheehan - Winning a Battle Doesn't Mean We Are Winning the War
 
Preparing for a media crisis
Preparing for a media crisisPreparing for a media crisis
Preparing for a media crisis
 
FinTech Belgium – Fintech Belgium MeetUp on Cybersecurity – F.Lecocq – Digitr...
FinTech Belgium – Fintech Belgium MeetUp on Cybersecurity – F.Lecocq – Digitr...FinTech Belgium – Fintech Belgium MeetUp on Cybersecurity – F.Lecocq – Digitr...
FinTech Belgium – Fintech Belgium MeetUp on Cybersecurity – F.Lecocq – Digitr...
 

Ähnlich wie BCS ITNow 201506 - Silver Bullet

200606_NWC_Strategic Security
200606_NWC_Strategic Security200606_NWC_Strategic Security
200606_NWC_Strategic Security
Chad Korosec
 
managed-security-for-a-not-so-secure-world-wp090991
managed-security-for-a-not-so-secure-world-wp090991managed-security-for-a-not-so-secure-world-wp090991
managed-security-for-a-not-so-secure-world-wp090991
Jim Romeo
 
eCrime-report-2011-accessible
eCrime-report-2011-accessibleeCrime-report-2011-accessible
eCrime-report-2011-accessible
Charmaine Servado
 
I-Week April 2004 - Claudia Warwar
I-Week April 2004 - Claudia WarwarI-Week April 2004 - Claudia Warwar
I-Week April 2004 - Claudia Warwar
Claudia Warwar
 
MCGlobalTech Commercial Cybersecurity Capability Statement
MCGlobalTech Commercial Cybersecurity Capability StatementMCGlobalTech Commercial Cybersecurity Capability Statement
MCGlobalTech Commercial Cybersecurity Capability Statement
William McBorrough
 
GT11_ATT_GuideBk_CyberSecurity_FINAL_V.PDF
GT11_ATT_GuideBk_CyberSecurity_FINAL_V.PDFGT11_ATT_GuideBk_CyberSecurity_FINAL_V.PDF
GT11_ATT_GuideBk_CyberSecurity_FINAL_V.PDF
Laurie Mosca-Cocca
 
Ulf mattsson the standardization of tokenization and moving beyond pci
Ulf mattsson the standardization of tokenization and moving beyond pciUlf mattsson the standardization of tokenization and moving beyond pci
Ulf mattsson the standardization of tokenization and moving beyond pci
Ulf Mattsson
 
How close is your organization to being breached | Safe Security
How close is your organization to being breached | Safe SecurityHow close is your organization to being breached | Safe Security
How close is your organization to being breached | Safe Security
Rahul Tyagi
 
Risk Management
Risk ManagementRisk Management
Risk Management
ijtsrd
 

Ähnlich wie BCS ITNow 201506 - Silver Bullet (20)

BCS ITNow 201309 - Holistic Security
BCS ITNow 201309 - Holistic SecurityBCS ITNow 201309 - Holistic Security
BCS ITNow 201309 - Holistic Security
 
Security Strategies for Success
Security Strategies for SuccessSecurity Strategies for Success
Security Strategies for Success
 
200606_NWC_Strategic Security
200606_NWC_Strategic Security200606_NWC_Strategic Security
200606_NWC_Strategic Security
 
BCS ITNow 201512 - Cyber Innovation
BCS ITNow 201512 - Cyber InnovationBCS ITNow 201512 - Cyber Innovation
BCS ITNow 201512 - Cyber Innovation
 
managed-security-for-a-not-so-secure-world-wp090991
managed-security-for-a-not-so-secure-world-wp090991managed-security-for-a-not-so-secure-world-wp090991
managed-security-for-a-not-so-secure-world-wp090991
 
eCrime-report-2011-accessible
eCrime-report-2011-accessibleeCrime-report-2011-accessible
eCrime-report-2011-accessible
 
Security Hurts Business - Don't Let It
Security Hurts Business - Don't Let ItSecurity Hurts Business - Don't Let It
Security Hurts Business - Don't Let It
 
I-Week April 2004 - Claudia Warwar
I-Week April 2004 - Claudia WarwarI-Week April 2004 - Claudia Warwar
I-Week April 2004 - Claudia Warwar
 
Xavier Marguinaud in Corporate Livewire Cyber Security Expert Guide 2017 Dec
Xavier Marguinaud in Corporate Livewire Cyber Security Expert Guide 2017 DecXavier Marguinaud in Corporate Livewire Cyber Security Expert Guide 2017 Dec
Xavier Marguinaud in Corporate Livewire Cyber Security Expert Guide 2017 Dec
 
BCS ITNow 201403 - Data Loss Prevention
BCS ITNow 201403 - Data Loss PreventionBCS ITNow 201403 - Data Loss Prevention
BCS ITNow 201403 - Data Loss Prevention
 
Looking into the future of security
Looking into the future of securityLooking into the future of security
Looking into the future of security
 
For Corporate Boards, a Cyber Security Top 10
For Corporate Boards, a Cyber Security Top 10For Corporate Boards, a Cyber Security Top 10
For Corporate Boards, a Cyber Security Top 10
 
MCGlobalTech Commercial Cybersecurity Capability Statement
MCGlobalTech Commercial Cybersecurity Capability StatementMCGlobalTech Commercial Cybersecurity Capability Statement
MCGlobalTech Commercial Cybersecurity Capability Statement
 
GT11_ATT_GuideBk_CyberSecurity_FINAL_V.PDF
GT11_ATT_GuideBk_CyberSecurity_FINAL_V.PDFGT11_ATT_GuideBk_CyberSecurity_FINAL_V.PDF
GT11_ATT_GuideBk_CyberSecurity_FINAL_V.PDF
 
Ulf mattsson the standardization of tokenization and moving beyond pci
Ulf mattsson the standardization of tokenization and moving beyond pciUlf mattsson the standardization of tokenization and moving beyond pci
Ulf mattsson the standardization of tokenization and moving beyond pci
 
infosec-it
infosec-itinfosec-it
infosec-it
 
How close is your organization to being breached | Safe Security
How close is your organization to being breached | Safe SecurityHow close is your organization to being breached | Safe Security
How close is your organization to being breached | Safe Security
 
AGEOS Infrastructure Cyber Security White Paper
AGEOS Infrastructure Cyber Security White PaperAGEOS Infrastructure Cyber Security White Paper
AGEOS Infrastructure Cyber Security White Paper
 
Risk Management
Risk ManagementRisk Management
Risk Management
 
Top Technology Trends in Insurance Domain.pdf
Top Technology Trends in Insurance Domain.pdfTop Technology Trends in Insurance Domain.pdf
Top Technology Trends in Insurance Domain.pdf
 

Mehr von Gareth Niblett

RIPA: Perception and Practice
RIPA: Perception and PracticeRIPA: Perception and Practice
RIPA: Perception and Practice
Gareth Niblett
 

Mehr von Gareth Niblett (13)

Preventing Predictable Problems (Possibly)
Preventing Predictable Problems (Possibly)Preventing Predictable Problems (Possibly)
Preventing Predictable Problems (Possibly)
 
BCS ITNow 201609 - Defining the Latest Threats
BCS ITNow 201609 - Defining the Latest ThreatsBCS ITNow 201609 - Defining the Latest Threats
BCS ITNow 201609 - Defining the Latest Threats
 
BCS ITNow 201606 - Insider Threats
BCS ITNow 201606 - Insider ThreatsBCS ITNow 201606 - Insider Threats
BCS ITNow 201606 - Insider Threats
 
BCS ITNow 201603 - Cyber Response
BCS ITNow 201603 - Cyber ResponseBCS ITNow 201603 - Cyber Response
BCS ITNow 201603 - Cyber Response
 
BCS ITNow 201303 - Cope, Educate, Secure
BCS ITNow 201303 - Cope, Educate, SecureBCS ITNow 201303 - Cope, Educate, Secure
BCS ITNow 201303 - Cope, Educate, Secure
 
BCS ITNow 201306 - Share Securely
BCS ITNow 201306 - Share SecurelyBCS ITNow 201306 - Share Securely
BCS ITNow 201306 - Share Securely
 
BCS ITNow 201312 - 2014 Threats
BCS ITNow 201312 - 2014 ThreatsBCS ITNow 201312 - 2014 Threats
BCS ITNow 201312 - 2014 Threats
 
BCS ITNow 201406 - The Risk Business
BCS ITNow 201406 - The Risk BusinessBCS ITNow 201406 - The Risk Business
BCS ITNow 201406 - The Risk Business
 
BCS ITNow 201409 - What's Going On
BCS ITNow 201409 - What's Going OnBCS ITNow 201409 - What's Going On
BCS ITNow 201409 - What's Going On
 
BCS ITNow 201412 - Stay Alert
BCS ITNow 201412 - Stay AlertBCS ITNow 201412 - Stay Alert
BCS ITNow 201412 - Stay Alert
 
BCS ITNow 201509 - Identity
BCS ITNow 201509 - IdentityBCS ITNow 201509 - Identity
BCS ITNow 201509 - Identity
 
Why the Private Sector is Key to Cyber Defence
Why the Private Sector is Key to Cyber DefenceWhy the Private Sector is Key to Cyber Defence
Why the Private Sector is Key to Cyber Defence
 
RIPA: Perception and Practice
RIPA: Perception and PracticeRIPA: Perception and Practice
RIPA: Perception and Practice
 

Kürzlich hochgeladen

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
UK Journal
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
Enterprise Knowledge
 

Kürzlich hochgeladen (20)

How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 

BCS ITNow 201506 - Silver Bullet

  • 1. Although vendors can have the tendency to present their technology as the silver bullet to solve your data and access management problems, it is only through integrating people, policy, process and technology that you can hope to address such a multi-faceted challenge. Technology should only be a means to an end. Be it preventing data loss, providing secure remote working, ensuring mobile payment security, applying common policy across diverse platforms, federating data sharing, or assuring end-points and supply chains, a holistic top-down approach is required, rather than a traditional IT-driven bottom-up one. The organisation’s culture and risk management should determine the expected outcomes, driving the actions required to achieve them. Without getting the buy-in of management, staff and suppliers, and bringing along the journey, the so-called silver-bullet ends up as ammunition for corporate Russian roulette. There then needs to be a clear understanding of the policies required to support the organisation’s desired outcomes, aligned with its risk appetite, which translate into the ‘rules’ that should be applied, through process, procedures, or technology. Some risks can also be managed through contracts and insurance. Only once the above is in place, and INFORMATION SECURITY there are empowered and trained people in place, who understand the risks and means by which the organisation intends to treat them, can a technical solution be put in place. The solution should consider and address all end-to-end technical and non-technical threats and exposures. When it comes to choosing technology solutions, don’t shoot yourself in the foot says Gareth Niblett, Chairman of the BCS Information Security Specialist Group. Information Security Specialist Group (ISSG): www.bcs-issg.org.uk Information Risk Management and Assurance Specialist Group: www.bcs.org/groups/irma BCS Security Community of Expertise (SCoE): www.bcs.org/securitycommunity FURTHER INFORMATION doi:10.1093/itnow/bwv037©2015TheBritishComputerSocietyImage:iStock/152126875 22 ITNOW June 2015 SILVER BULLET that your ENTIRE ORGANISATION is secure. It takes a FULLY TRAINED TEAM to ensure Download to learn more.cert.isc2.org/infosecpros INSPIRING A SAFE AND SECURE CYBER WORLD. IT pros with information security skills have never been more in demand. Security isn’t just the responsibility of information security leaders.