A step-change in the structure, governance and approach to Information Security
Organisations are under more pressure than ever to address their information security issues yet at the same time reduce their operational overheads. Increasing media attention, as a result of a number of high-profile security breaches, is being accompanied by an ever-growing list of legislative and regulatory requirements (e.g., Sarbanes-Oxley, PCI DSS and various Information Privacy requirements).
In response, many organisations have gone for an evolution-based approach aimed at addressing just one or two priority areas. This has often resulted in a proliferation of tools and techniques for managing threats and compliance, thus introducing unnecessary operational inefficiencies.
The solution – fundamental change
To address what appear to be conflicting priorities of improved security controls and reduced operational overheads, many information security functions must undergo a rapid transformation. This transformation requires a ‘step-change’ in the structure, governance and approach to Information Security, requiring up-front investment to achieve operational excellence aligned to the mission and vision of the organisation.
Successful delivery can be a significant and daunting task, requiring organisations to concurrently manage complex and challenging projects, changes to key systems and control environments, and transformation of the security culture across the entire organisation.