Defining IT security success
Thu, 2009-03-05 01:03 PM
At first glance, defining IT security success seems to be pretty straightforward. The job of the security professional is to stop attacks and protect corporate information. Right?
Well, after further reflection, the answer is both Yes and No.
The reality is that every organization will have a different definition of success. It's based upon culture and industry and even strategic priorities. So, what constitutes success may change from year to year (and even month to month in today's dynamic environment).
In the commercial space, security success usually breaks down to maintaining availability and protecting intellectual property and private data. The lifeblood of pretty much every organization is based on its digitized information assets, which need to be protected. That is pretty consistent across every industry.
In the public sector, the drivers are a bit different and in many cases more challenging. First and foremost, the government (or organization) must maintain the trust of its citizens. No government can operate without that implicit trust, so protecting their data is absolutely critical -- even beyond maintaining its availability.
Just think of the black eye suffered by the Veterans Administration (VA) when it experienced the big data breach a few years ago. It called into question the trust of the millions of veterans, and I'd posit that their trust probably hasn't been restored quite yet.
Another complicating factor is the need for some degree of openness. Each state and the federal government has different guidelines about what data is publicly available and when. The security policies must factor those nuances into the mix.
Ultimately, I can ruminate all day long about what IT security success means to each organization and I'll likely be wrong. Why?
Because I'm not responsible for your organization. The only folks that can really tell you what success means are your own leaders. And the best way for them to tell you is if you ask.
That's right, you need to get up from behind your desk and set up some face-to-face time with the leaders of your organization. You need to ask them what's the most important data in your shop. You need to understand who is going to get fired if that data is compromised.
The best way to define your own success is to map it to the critical imperatives of your leadership. You can't go wrong if your goal is to make sure your boss's boss's boss doesn't get fired.
Mike Rothman is senior vice president for strategy at eIQnetworks. He can be reached at: mike.rothman@eiqnetworks.com.
