Security Talk Turns Towards Business Alignment and Innovation

Executives at the recent annual RSA Security Conference emphasized the need for security concerns to better align with business processes. In other news, respondents to an Information Week security survey admitted that their security programs do not have sufficient business alignment, while the Secretary for the US Department of Homeland Security warned of potential far-reaching consequences to future security attacks.

Focal Points:

• Executives attending the RSA Security Conference shifted their focus from last year’s emphasis on the need for industry consolidation to the need for security professionals to help increase innovation as well as delivering better business value. These thoughts were corroborated by a recent security survey which showed that 80 percent of business and security executives had been reluctant to take up some opportunities for innovation due to concerns of security. One of the keynote presenters said that security professionals should shift their focus from eliciting fear and citing worst case scenarios to helping show how new technology in security can augment new products and services. To this end, RSA Security, Inc. has created a Security for Business Innovation Council. Its goal is to help facilitate discussions between security personnel on increasing their business relevance.
• A recent survey of over 1000 respondents to an InformationWeek Global Information Security Survey showed that 43 percent of respondents measured security value based on how much less time workers spend on security issues. 33 percent of the respondents measured security value based on how many fewer security breaches their companies encountered. An equal percentage counted security value based on increased network availability, while 24 percent measured value based on a reduction in incident response time. Most of the respondents did not have a specific measure of business value, with some respondents indirectly measuring business value by improving intellectual property protection and improving risk management strategies.
• US Department of Homeland Security Secretary, Michael Chertoff, recently called federal agencies to increase their security postures, in order to more quickly respond to what he believes are impending large-scale security attacks. The Secretary warned that a large security attacks could bring about consequences comparable to the 9/11 attacks. Chertoff said "We have to look not only at threats that have materialized in the past; we have to consider the threats that may materialize in the future. He further stated "We know that a successful large-scale cyberattack against our country would have very wide-reaching consequences." For example, "Imagine what would happen if it were possible for hackers to enter the air travel system," he said.

Experton Group believes security threats will become more sophisticated, and these future attacks will likely have an increasingly significant business impact. While individual security products continue to improve, security personnel must work more closely with business executives to make sure security policies are aligned with business risk, and metrics are developed to better measure the business value of security policies and technology.