Global Security Chiefs Offer Five Recommendations to Overhaul Outdated Information Security Processes
RSA Releases New Report from the Security for Business Innovation Council
BEDFORD, Mass., Dec. 10, 2013 /PRNewswire/ –
-- RSA released a new Security for Business Innovation Council (SBIC) report on transforming outdated security processes to help neutralize cyber risks and threats.
-- The Council's report reveals how stronger collaboration between business process owners and security teams to identify and evaluate cyber risks can become a new source of competitive advantage.
RSA, The Security Division of EMC (NYSE:EMC), today released the latest Security for Business Innovation Council (SBIC) report, providing guidance for how organizations can enable new competitive advantages in their business by transforming outdated and inflexible processes that govern the use and protection of information assets. The report highlights key challenges, upgraded techniques and actionable recommendations that can be used to plan and build new processes to help organizations gain business advantage and more effectively manage cyber risks.
In this latest report, titled Transforming Information Security: Future-Proofing Processes, the Council observes that business groups within organizations are taking greater ownership of information risk management; however, outdated security processes are hindering business innovation and making it difficult to combat new cybersecurity risks. The Council offers guidance calling for information security teams to collaborate more closely with functional business groups to establish new systems and processes to help identify, evaluate, and track cyber risks faster and with greater accuracy.
The new report spotlights areas ripe for security process improvement including risk measurement, business engagement, control assessments, third-party risk assessments, and threat detection. The Council also offers five recommendations for how to move information security programs forward to help business groups exploit risk for competitive advantage:
1. Shift Focus from Technical Assets to Critical Business Processes: Expand beyond a technical, myopic view of protecting information assets and get a broader picture of how the business uses information by working with business units to document critical business processes.
2. Institute Business Estimates of Cybersecurity Risks: Describe cybersecurity risks in hard-hitting, quantified business terms and integrate these business impact estimates into the risk-advisory process.
3. Establish Business-centric Risk Assessments: Adopt automated tools for tracking information risks so business units can take an active hand in identifying danger and mitigating risks and thus assume greater responsibility for security.
4. Set a Course for Evidence-based Controls Assurance: Develop and document capabilities to amass data that proves the efficacy of controls on a continuous basis.
5. Develop Informed Data Collection Techniques: Set a course for data architecture that can enhance visibility and enrich analytics. Consider the types of questions data analytics can answer in order to identify relevant sources of data.
Art Coviello, Executive Vice President, EMC, Executive Chairman, RSA, The Security Division of EMC
“For the enterprise to successfully innovate in today’s digital world, security teams must re-evaluate cyber risk management efforts, steering away from reactive, perimeter-based approaches that are inflexible and focus instead on proactive collaboration with the business. Updated processes as described by the Council can help organizations achieve a greater visibility of risk that can be harnessed to benefit the business.”
Dave Martin, Vice President and Chief Information Security Officer, EMC Corporation
“Documenting business processes has to be a collaborative effort, to accurately reflect what the risks are to the system. We’ll never understand the business value of the information to the same degree as the business owner, and they’ll never understand the threats to the same degree as the security team.”
About the Security for Business Innovation Council
The Security for Business Innovation Council is a group of top security leaders from Global 1000 enterprises committed to advancing information security worldwide by sharing their diverse professional experiences and insights. The Council produces periodic reports exploring information security’s central role in enabling business innovation. This report is the second in a three-part series on building a next-generation information security program. The first report was titled Transforming Information Security: How to Build a State-of-the Art Extended Team.
Contributors to this report include 19 security leaders from some of the largest global enterprises:
ABN Amro; ADP, Inc.; Airtel; AstraZeneca; Coca-Cola; eBay; EMC Corp.; FedEx Corp.; Fidelity Investments; HDFC Bank Ltd.; HSBC Holdings plc.; Intel; Johnson & Johnson; JPMorgan Chase; Nokia; SAP AG; TELUS; T-Mobile USA; Walmart
-- Download the latest Security for Business Innovation Report
-- Download infographic that highlights the Council's five recommendations
-- RSA Blog: Five Ways to Future-proof Information Security Processes, By Laura Robinson, SBIC Chair
-- Download the first report of the series Transforming Information Security: Designing a State-of-the Art Extended Team
-- Connect with RSA via Twitter, Facebook, YouTube, LinkedIn and the RSA Speaking of Security Blog and Podcast
RSA, The Security Division of EMC, is the premier provider of security, risk, and compliance management solutions for business acceleration. RSA helps the world’s leading organizations succeed by solving their most complex and sensitive security challenges. These challenges include managing organizational risk, safeguarding mobile access and collaboration, proving compliance, and securing virtual and cloud environments.
Combining business-critical controls in identity assurance, encryption & key management, SIEM, Data Loss Prevention, and Fraud Protection with industry-leading GRC capabilities and robust consulting services, RSA brings visibility and trust to millions of user identities, the transactions that they perform, and the data that is generated. For more information, please visit www.EMC.com/RSA.
RSA and EMC are either registered trademarks or trademarks of EMC Corporation in the United States and/or other countries. All other company and product names may be trademarks of their respective owners.