How Infosec Can Become a Business Enabler: Interview with: Dr Tim Redhead, Director, DotSec


How Infosec Can Become a Business Enabler: Interview with: Dr Tim Redhead, Director, DotSec, a sponsor company at the upcoming marcus evans Australian CIO Summit 2013, on how organisations can ensure information security becomes a business enabler.


Interview with: Dr Tim Redhead, Director, DotSec

Chief Information Officers (CIOs) need to focus on information security requirements, processes and infrastructure, rather than on products or trends, advised Dr Tim Redhead, Director, DotSec. “They should manage infosec in a way that it becomes a business enabler rather than a hindrance,” he added.

From a sponsor company attending the upcoming marcus evans Australian CIO Summit 2013, Dr Tim talks about information security, risk management, and infosec cost reduction.

What do CIOs overlook when it comes to IT security?

We have observed that when CIOs approach infosec projects with less focus on requirements-driven, infrastructural solutions, and more focus on infosec products, then they are less satisfied with the project outcome.

Why? Because when you start with a product, you essentially have a solution that is looking for a problem. Without clear requirements however, the hoped-for solution often fails to meet expectations. Under pressure, requirements analysis, design and integration-prototyping seem like up-front costs that slow down the take up of the “real” project. In reality however, these up-front times and costs are always less than the time and expense that is needed for the gap analysis and rework of an unsatisfactory or failed infosec project.

“Without clear requirements, the end result can be a failed security system”

How should CIOs identify and mitigate threats and risks?

First, they need to catalogue all their assets (computers, networks, application functions, humans, etc.) and consider how each asset could be misused, disabled, lost or stolen.

Next, they should consider the risk associated with each threat, thinking about how likely it is for the various threat-agents to be able to carry out their threat in a successful attack, and consider the consequences of such attacks.

Some risks are acceptable, but CIOs must address the unacceptable risks, either by risk mitigation strategies or by transferring risk. With a prioritised list of risks, CIOs can perform a cost-benefit analysis and prioritise their next steps.

Given the current state of the economy, how can CIOs manage infosec costs better?

Infosec is always going to cost money and time, but the problems start when it either costs too much or fails to deliver in line with costs. CIOs must avoid being pushed into taking on an emerging technology because of media-driven hype about perceived cost savings.

Without careful requirements analysis, risk-assessment and planning, cost and time over-runs are inevitable. Much of the infosec industry is about selling silver-bullet products. We saw firewalls, smart cards, PKI, IDS and then IPS, VDI and now Cloud. Avoiding product-driven hype and focusing on requirements and infrastructure will help to ensure that projects do not run over-time, and that costs are therefore contained.

What future developments should CIOs prepare their organisations for?

In the infosec context, the core assets of a business are its information, and the entities that collect, store, manage and process that information. CIOs may consider planning how to secure those assets in an environment where there are fewer verifiable (internal) controls, less physical security, more (big) data, and smarter, targeted attacks.
About the Australian CIO Summit 2013

Offering much more than any conference, exhibition or trade show, this exclusive meeting will bring together esteemed industry thought leaders and solution providers to a highly focused and interactive networking event.

The Information Technology Network - marcus evans Summits deliver peer-to-peer information on strategic matters, professional trends and breakthrough innovations.

Please note that the Summit is a closed business event and the number of participants is strictly limited.

Contact

Sarin Kouyoumdjian-Gurunlian, Press Manager, marcus evans, Summits Division
Tel: + 357 22 849 313
Email:

For more information please send an email to

All rights reserved. The above content may be republished or reproduced. Kindly inform us by sending an email to press@marcusevanscy.com

About DotSec

DotSec is a professional, independent, Australian-owned information-security organisation. DotSec was established in 1999 and has consistently delivered solutions to customers in the financial, legal, utilities, education, transport, insurance and government sectors.

www.dotsec.com

About marcus evans Summits

marcus evans Summits are high level business forums for the world’s leading decision-makers to meet, learn and discuss strategies and solutions. Held at exclusive locations around the world, these events provide attendees with a unique opportunity to individually tailor their schedules of keynote presentations, think tanks, seminars and one-to-one business meetings.

For more information, please visit: www.marcusevans.com