How To Fix Outdated IT Security Processes
Companies having outdated information security systems are often at a greater risk than those that update their security processes on a regular basis. A new report released jointly by security firm RSA and Security for Business Innovation Council (SBIC) states that organizations should not only transform their outdated security processes to help neutralize cyber risks and threats, but also have a strong collaboration between teams – especially the CXOs and security teams - to identify and evaluate cyber risks in order to gain competitive advantage.
The report observes that business groups within organizations are taking greater ownership of information risk management. However outdated security processes are hindering business innovation and make it difficult to combat new cyber security risks. The Council offers guidance calling for information security teams to collaborate more closely with functional business groups to establish new systems and processes to help identify, evaluate, and track cyber risks faster and with greater accuracy.
The Council also offers five recommendations for how to move information security programs forward to help business groups exploit risk for competitive advantage:
From technical assets to critical business processes
Researchers have advised organizations to shift focus from technical assets to critical business processes. In other words, CXOs and security teams should expand beyond a technical, myopic view of protecting information assets and get a broader picture of how they can use information by working with business units to document critical business processes.
Institute business estimates of cybersecurity risks
According to the report, it is essential for companies to describe cybersecurity risks in hard-hitting, quantified business terms and integrate these business impact estimates into the risk-advisory process.
Establish business-centric risk assessments
Companies that have deployed automated tools for tracking information risks are in a better position, say researchers. In such a scenario, they believe that business units can take an active hand in identifying danger and mitigating risks and thus assume greater responsibility for security.
Set a course for evidence-based controls assurance
To mitigate risks, the report recommends organizations to create and document capabilities to collect data. This technique according to the researchers can prove the efficacy of controls on a continuous basis.
Develop informed data collection techniques
Companies are also required to set a course for data architecture that can enhance visibility and enrich analytics, according to the report. Researchers recommend that companies should consider the types of questions data analytics can answer in order to identify relevant sources of data.
The report also states that the areas ripe for security process improvement include risk measurement, business engagement, control assessments, third-party risk assessments and threat detection.
- How Companies Can Disrupt Ransomware Attacks
- Weekly Rewind: Top 10 Stories On CXO Today (Oct 16-20)
- Password Protected Wi-Fi Is Also Prone To Hacks: Study
- How Digital Platforms Are Helping Real Estate Business
- The 10 Best Companies For Women In India
- Delving Into The ABC Of Cyber Security
- Large-Scale IoT Projects Doubled In Last One Year: Study
- Weekly Rewind: Top 10 Stories On CXOToday (Oct 9-13)
- IoT Knowledge Gaps Exist In Consumer Product Industry
- HR Managers See CRM As An Effective Business Tool