|
Whether or not your company is directly affected, the global downturn will force you to rethink your security strategy. Here’s a 12-step game plan for today's CISO
By Khalid Kark, Forrester Research, November 30, 2009, 1100 hrs
As security gets embedded into the day-to-day operations of business, the scope and complexity of the information security organization's responsibilities is increasing.
Security is not a standalone discipline anymore, and security professionals today need to look outward and understand the broader business context if they want to succeed in their job. Security also needs to be adaptable and adjust based on changing technological and economic environments.
The 12-step game plan for today's CISO
Whether you are directly affected or not, the global downturn will force you to rethink your existing security strategy and priorities. Some organizations will be affected more than others, but universally you should seek to:
-
Spend your budget on projects that impact the bottom line of the business.
Let's be honest—most security projects can't be justified strictly on the basis of ROI. But certain projects can create efficiencies and have tangible cost savings while maintaining or even improving security. A project where you are automating or redesigning a process for greater efficiency or using the existing modules/features of a tool that you already have, instead of purchasing a new tool, will improve the bottom line of the business.
-
Develop a flexible and nimble approach for taking on large investment projects.
Whether you are working with a vendor or doing it yourself, it's essential that you divide up large projects into small, digestible chunks. This becomes an absolute necessity in tough economic times, where you may not have budget or resources to work on the project a few months down the road. You want to have the flexibility to adjust the timeline and the investment on short notice. Some companies would pay a slightly higher cost to have the flexibility of shorter term contracts with their vendors.
-
Adopt managed services to get more bang for your buck.
Organizations today are finding it difficult to keep up with the complexity of the threat landscape and finding the right competencies to staff their operations centers. Many are turning to managed security services (MSS) for doing their job more efficiently and more competently. You may not save much money by using MSS, but you will get a lot more competency and 24/7 monitoring; more importantly, it will help you save on your capital expenditures that are tight now.
l Page 2 l Page 3 l Page 4 l
|