BCS ITNow 201506 - Silver Bullet
Although vendors can have the tendency
to present their technology as the silver
bullet to solve your data and access
management problems, it is only through
integrating people, policy, process and
technology that you can hope to address
such a multi-faceted challenge. Technology
should only be a means to an end.
Be it preventing data loss, providing
secure remote working, ensuring mobile
payment security, applying common policy
across diverse platforms, federating data
sharing, or assuring end-points and supply
chains, a holistic top-down approach is
required, rather than a traditional IT-driven
bottom-up one.
The organisation’s culture and risk
management should determine the
expected outcomes, driving the actions
required to achieve them. Without getting
the buy-in of management, staff and
suppliers, and bringing them along the journey,
the so-called silver-bullet ends up as
ammunition for corporate Russian roulette.
There then needs to be a clear
understanding of the policies required
to support the organisation’s desired
outcomes, aligned with its risk appetite,
which translate into the ‘rules’ that should
be applied, through process, procedures,
or technology. Some risks can also be
managed through contracts and insurance.
Only once the above is in place, and
there are empowered and trained people
in place, who understand the risks and
means by which the organisation intends
to treat them, can a technical solution be
put in place. The solution should consider
and address all end-to-end technical and
non-technical threats and exposures.
When it comes to choosing technology solutions, don’t shoot
yourself in the foot, says Gareth Niblett, Chairman of the BCS
Information Security Specialist Group.
FURTHER INFORMATION
Information Security Specialist Group (ISSG):
www.bcs-issg.org.uk
Information Risk Management and Assurance Specialist Group:
www.bcs.org/groups/irma
BCS Security Community of Expertise (SCoE):
www.bcs.org/securitycommunity
doi:10.1093/itnow/bwv037 © 2015 The British Computer Society. Image: iStock/152126875
22 ITNOW June 2015
SILVER BULLET