Network World

Do you have a 'security first' mindset?

Take this quiz to find out if you have the business finesse it takes to turn your company into a security-first enterprise
By Cara Garretson, Network World, 03/17/2008

To make security a priority at any organization, security professionals must align their goals with those of the business itself. Once business-unit heads view security as an enabler instead of a hindrance, they will invite security professionals to the table during the early stages of project planning.

If you increase your business and political savvy in your organization, chances are you'll be in a position to align security measures better with business goals. Here's a quick quiz that will help you determine how business savvy you are and highlight the areas that need work.

I. PHILOSOPHY

1. Do you believe there's such a thing as 100% security?

If your answer is yes, start changing your outlook. Absolute security may sound like you're doing a great job, but it's an unobtainable state -- and flies in the face of business, which is about taking risks. "Businesses are not in the function of eliminating risk, because that eliminates profits as well," says Andy Ellis, senior director of information security at Akamai Technologies. Your goal should be to provide the appropriate security to enable the business.

If your answer is no, think about balancing an acceptable level of risk against meeting business goals, and discuss and negotiate this risk level with business-unit heads.

2. What is your primary responsibility as a security professional?

A. Mitigate risk

B. Minimize threats

C. Advise the business

If your answer is A or B, you're focusing on how your role limits the organization. Focus instead on how security can enable business, and become an adviser to the executive team.

If your answer is C, you understand what your role in the organization should be.

II. BUSINESS UNDERSTANDING

1. Do you know the goals of each business unit in your organization, and how that group defines success?

If your answer is yes, make sure you're able to use this knowledge when you're planning security strategies. And keep your knowledge up to date: Check back regularly with business-unit heads to learn about new strategies.

If your answer is no, sit down with business-unit heads to get a quick overview of the unit and its goals. Remind them that your job is to help them achieve these goals. They will be more likely to ask you to join a planning meeting for a new IT project if you can speak in terms of the benefits security can bring them.

2. When a business-unit head comes to you to explain a new project, you:

A. Ask about the project's goals

B. Outline the security risks of such a project

C. Run away

If your answer is A, you're more likely to get the security you want integrated into the project than if your answer is B. Understanding a project's goals first, then suggesting appropriate levels of security will make the business-unit head more receptive to your ideas than if you respond negatively with reasons why the project won't work. "Security professionals have to ask, 'what are you trying to accomplish?' and get involved at the front-end planning state to manage risk," says Chad Mead, global head of infrastructure security with JPMorgan Chase Bank, headquartered in New York.

If your answer is C, don't expect the manager to be all ears when you attempt to add security measures to the project in the 11th hour.

III. POLITICAL SAVVY

When a competitor suffers from a security problem, you:

A. Hide the news from the executive team so it doesn't think the problem will happen to your organization, too.

B. Tell business-unit heads how your organization can learn from competitors' mistakes.

C. Publicize the security issue and ridicule your competitor.

If your answer is A, understand that hiding from the news won't help you when your executive board wants to know whether such a mistake could happen in their own business. "As an industry, [security professionals are] awfully short-sighted when it comes to building political capital. Our job is to be the adviser -- to influence the business through political capital," Akamai's Ellis says.

If your answer is B, you're on the right track to becoming a trusted adviser to the business.

If your answer is C, well, that's just plain mean.

< Return to main story: How to fashion a ‘security first’ enterprise >
