Phone : +91 9582 90 7788 | Email : sales@itmonteur.net

Register & Request Quote | Submit Support Ticket

Home » Cyber Security News » How security can be aligned to business objectives

How security can be aligned to business objectives

A Ponemon Institute report released late last year found that CISOs’ influence within companies is growing as IT security increasingly becomes a priority. However, interviews with senior-level IT security professionals at 184 companies in seven countries, including India and China, showed that security strategy in many organizations is still not yet aligned with business functions.

Amid evolving threat vectors, the influence of CISOs in managing their companies’ cybersecurity risks is growing in significance. This is evidenced by the 68% of respondents in the study that have the final say in all IT security spending while 64% have direct influence and authority over security expenditures in their organizations.

But despite their influence, security is only integrated with other business teams in 22% of the organizations, while in 45% of them, security function does not have clearly defined lines of responsibility. This has led to turf and silo issues that impede IT security tactics and strategies.

Need to talk

“It’s clear CISOs are making progress in how they drive the security function and the leadership role they are assuming within companies,” said Mike Convertino, CISO at F5. “But in many organizations, IT security is not yet playing the strategic, proactive role necessary to fully protect assets and defend against increasingly sophisticated and frequent attacks.”

For instance, recognition of security as a business priority in many organizations remains reactive. Only 51% of organizations have an IT security strategy. Even then, strategy is reviewed, approved and supported by other C-level executives in less than half of those organizations. Although material data breaches and cybersecurity exploits get attention from other senior executives, strategic discussions around security events are rare.

“Maybe one reason so many security programs aren’t aligned with the business is that, according to the same survey, only 16% of CISOs have a business background,” suggested Ray Pompon, principal threat researcher evangelist with F5 Labs.

After all, security is inherently not a standalone function, especially in protecting essential services that underpin digital transformation and business strategies. All stakeholders have to carry out the necessary risk assessments and due diligence to ensure strong basic cyber hygiene practices and to enhance cyber resilience. CISOs have to align security strategies with a range of areas ranging from regulatory compliance and incident response to information sharing and capability development.

Pompon urged CISOs struggling to align their security program with business objectives to first understand their organization’s business. To do this, CISOs must ask questions and do their homework – not only about their organization but also their industry sector. For example, there is a need to understand their organization’s raison d’être; who the customers are; and who its key partners are.

Armed with this knowledge, CISOs can then move on to determine how revenue flows into their organization; how it loses revenue; and the availability of cash reserves for rainy days.

From there, determine the assets to be protected; the functions to be kept available always; the systems and information that employees need to do their job; and the regulations that the organization must abide by. These and many more questions relating to organizational challenges, processes, technological use, competition, customer base, changing regulations, et cetera, will help CISOs to leverage business understanding to get buy-in on risk reduction programs.

Where the treasure is

“Remember that when a security incident occurs, it can have many different kinds of impacts: loss of customer confidence, reduction in sales advantage, regulator fines, operational overhead, and loss of competitive advantage due to breached trade secrets,” Pompon prompted. “Find the hot buttons and push them.”

One key approach to building trust with business heads is to develop the skill of empathetic listening. “You listen with the goal of understanding the other person’s point of view and acknowledging how they feel about the situation,” Pompon advised. “Listen carefully to their problems and then, once they’ve had their say, you can connect their jobs to the security mission.”

Yet, despite the deficiencies in security-business alignment, the Ponemon study has revealed good news. One bright spot is that 60% of respondents have aligned IT security operations with business objectives. Further, the majority of CISOs are influential in managing their companies’ cybersecurity risks, with 65% reporting to senior executives who are no more than three steps below the CEO on the organization chart. And if a serious security incident occurs, more than half of the CISOs have a direct channel to the CEO.

Even while CISOs continue to strive toward proactive business-aligned security strategies, progress is being made in today’s app-centric digital environment.

Information Security - InfoSec - Cyber Security - Firewall Providers Company in India

What is Firewall? A Firewall is a network security device that monitors and filters incoming and outgoing network traffic based on an organization's previously established security policies. At its most basic, a firewall is essentially the barrier that sits between a private internal network and the public Internet.

 

Secure your network at the gateway against threats such as intrusions, Viruses, Spyware, Worms, Trojans, Adware, Keyloggers, Malicious Mobile Code (MMC), and other dangerous applications for total protection in a convenient, affordable subscription-based service. Modern threats like web-based malware attacks, targeted attacks, application-layer attacks, and more have had a significantly negative effect on the threat landscape. In fact, more than 80% of all new malware and intrusion attempts are exploiting weaknesses in applications, as opposed to weaknesses in networking components and services. Stateful firewalls with simple packet filtering capabilities were efficient blocking unwanted applications as most applications met the port-protocol expectations. Administrators could promptly prevent an unsafe application from being accessed by users by blocking the associated ports and protocols.

 

Firewall Firm is an IT Monteur Firewall Company provides Managed Firewall Support, Firewall providers , Firewall Security Service Provider, Network Security Services, Firewall Solutions India , New Delhi - India's capital territory , Mumbai - Bombay , Kolkata - Calcutta , Chennai - Madras , Bangaluru - Bangalore , Bhubaneswar, Ahmedabad, Hyderabad, Pune, Surat, Jaipur, Firewall Service Providers in India

Sales Number : +91 9582 90 7788 | Support Number : +91-9654016484
Sales Email : sales@itmonteur.net | Support Email : support@itmonteur.net

Register & Request Quote | Submit Support Ticket