Top Global Security Officers Reveal Strategies for Driving Business Advantage in an Economic Crisis
New report from RSA, The Security Division of EMC provides CSO/CISO roadmap for creating new efficiencies without sacrificing business value
“In a tough economy, it’s tempting for enterprises to rein in business innovation,” said RSA President
The 2009 CSO/CISO Agenda – New Security Efficiencies, Better Business Advantage
While the economy is in a downturn, the demands on security programs are escalating. Budgetary and staffing pressures coupled with heightened regulatory requirements, escalating threats and high senior leadership expectations continue to drive up the business stakes on security. In this climate, security teams are facing hard decisions about where to invest their time, money and efforts.
“Creating efficiencies and driving business advantage can seem like conflicting objectives, but they don’t need to be,” said
Released today, “Driving Fast and Forward: Managing Information Security for Strategic Advantage in a Tough Economy” provides five timely recommendations for managing security programs for business success in 2009:
- Prioritize Based on Risk/Reward: The Security for Business Innovation Council members call on security professionals to sharpen their ability to make tough judgment calls based on risk.
- Have the Right Mix of People on Your Team: In lean times, all security team members must have “the right stuff.” They should be able to partner with business owners, offer alternative solutions and speak to issues beyond security. In this report, Council members offer detailed advice for managing human resources, using consultants and extending teams through decentralization.
- Build Repeatable Processes: In most organizations, there are many opportunities to rationalize processes and achieve economies of scale. Council members recommend that security leaders improve efficiencies by applying traditional operational metrics to their security programs. They recommend working to embed security into core business processes to increase organizational productivity and drive down standalone security costs.
- Create an Optimal Shared Cost Strategy: Costs for security are often shared between the centralized security organization and the various business units and departments that need to protect information assets. While the formula varies from one enterprise to the next, Council members offer insight on how to ensure spending matches objectives and needs.
- Automate and Outsource Wisely: Using technology to automate manual processes and outsourcing some security functions may provide significant efficiencies and cost reductions, but it’s important to plan and manage these efforts carefully to maximize benefits. Council members share guidance on how to proceed for optimum business impact.
About the Security for Business Innovation Council
The Security for Business Innovation Council is comprised of 10 highly-successful Global 1000 security executives who are committed to sharing their own insights and experiences to help move information security forward at organizations worldwide. Council members include:
RSA-produced Security for Business Innovation Council reports are based on in-depth, one-on-one interviews with all Council members. The first report in the series offered a set of recommendations for making information security more strategic to business innovation. The second report provided a blueprint for making risk/reward calculations. RSA expects to release more original Council reports over the coming months. Those interested in learning more about the Security for Business Innovation Council reports can visit the RSA Thought Leadership website at http://www.RSA.com/securityforinnovation/ to view and download all of the studies.
RSA, The Security Division of EMC, is the premier provider of security solutions for business acceleration, helping the world’s leading organizations succeed by solving their most complex and sensitive security challenges. RSA’s information-centric approach to security guards the integrity and confidentiality of information throughout its lifecycle – no matter where it moves, who accesses it or how it is used.
RSA offers industry-leading solutions in identity assurance & access control, data loss prevention, encryption & key management, compliance & security information management and fraud protection. These solutions bring trust to millions of user identities, the transactions that they perform, and the data that is generated. For more information, please visit www.RSA.com and www.EMC.com.
RSA is a registered trademark of RSA Security Inc. in the U.S. and/or other countries. EMC is a registered trademark of EMC Corporation. All other trade names and trademarks are the property of their respective holders.
SOURCE EMC Corporation