Do your CSO, CIO, information security professionals and software developers have measurable quotas and compensation for meeting or exceeding their information security numbers? Chances are, your firm is not running information security like a business unit with a tightly focussed strategy on customers, market and competitors. Without well-defined, standard, vendor-neutral threat models and performance metrics. there cannot be improvement; and improvement is what our customers want.
Choose a business strategy for information security. Information security today works on a cycle of reaction and acquisition but, needs to operate continuously and proactively within a well-defined, standards-based threat model that can be benchmarked against the best players in your industry just like companies benchmark earnings per share. In his classic article, "What is strategy?" Michael Porter writes how "the essence of strategy is what not to choose...a strong competive position requires clear tradeoffs and choices and a system of interlocking business activites that fit well and sustain the business". Security of your business information also requires a strategy.
Read this full article at Always On
|
|
Only registered users can write comments.
Please login or register.
Powered by AkoComment!