Information security personnel are challenged with protecting company reputation and enterprise and customer data from a constant and expanding barrage of cyber criminals. Security departments are generally a small band of employees charged with safeguarding huge employee populations and endpoint devices. Increasingly, these teams are being pressed to be leaner and more efficient in addressing this evolving landscape.
The ability to quickly adapt skills and processes is critical. That's primarily because endpoints today can include any device that interacts with the corporate network. So how does an information security organization manage to keep up?
Three solutions are key. First is governance. Information security teams must become centers of influence. At the heart of a strong security program are clearly defined policies and standards for the entire enterprise. IT, sales, marketing, customer service, operations and everyone in between must know the most important policies and the essential technical standards given their role and use of assets and information.
Fundamental to a strong governance program is the information security team working with the entire enterprise to identify the key assets and areas that pose the highest risk to the business. Identifying, prioritizing and communicating those risks will ensure that the information security program remains focused on the core areas that will keep the business running.
Second is awareness. Why have a team of 100 people protecting your organization when you can have a team of thousands? By educating employees, partners and even customers, you can expand your army of stewards exponentially. Put awareness and education of the latest cyber threats and protection methods at the top of your information security list. This will encourage proper cyber hygiene and reduce opportunities for employees to fall prey to threats specifically designed to take advantage of their naivety.
Third is expanded partners. Your information security operation has a variety of supplemental partners that can help: solution providers have professional service agreements that can augment your program; third-party vendors are growing their expertise in areas such as monitoring and logging, penetration testing and secure coding; and private and public information-sharing initiatives are beginning to evolve.
Embrace the changing face of information security as a body of influence and begin your journey with governance, awareness and expanded partners. Information security is everyone's business in the end, so start including everyone in the process.