Emerging information technologies, such as virtualization, cloud computing, and social media, combined with continuing economic volatility and increasing regulatory requirements, have made it difficult for companies to keep pace in protecting their information and networks. According to Ernst & Young’s 2012 Global Information Security Survey, this gap between where information security is and where it needs to be can be traced to the alignment of information technology with a company’s business, insufficient resources with the right skills and training, processes and technology, and new and evolving technologies. A company fighting to narrow the gap that emerging technologies, cyber crime and advanced persistent threats create needs more than short-term changes to its information security. Rather, a company needs to fundamentally transform its approach to its information security.
A company looking to transform its information security can take comfort in knowing that such transformation does not require complex technology solutions, but instead requires leadership, commitment, capacity, and the courage to act now. To enhance its information security, the company must take steps to ensure that information security extends beyond the traditional IT department by making information security a priority for its board of directors. This can be accomplished by adding seats on the board of directors for the executives spearheading the company’s information security efforts. Ernst & Young recommends that, in addition to strategically positioning information security beyond the IT department, the company should also consider taking the following four steps:
- Link its information security strategy to its business strategy and the overall desired results for the business.
- Start with a clean slate when considering new technologies and redesigning the architecture to better define what needs to be done. By doing so, the company can break down barriers and remove existing biases that may hamper fundamental change.
- Execute the transformation by creating an environment that enables the company to successfully and sustainably change the way information security is delivered.
- When considering new technologies, consider the opportunities and the risks such new technologies present.
In conclusion, ever-changing information technology will require companies to prepare for its use, which entails monitoring and implementing effective information security to protect the company’s data and networks. A company can implement effective information security by aligning its information technology with its business, providing sufficient resources coupled with the right skills and training, having the right processes and technology, and having new and evolving technologies.