Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
Although vendors can have the tendency
to present their technology as the silver
bullet to solve your data and access
mana...
Upcoming SlideShare
Loading in …5
×

BCS ITNow 201506 - Silver Bullet

121 views

Published on

When it comes to choosing technology solutions, don’t shoot yourself in the foot says Gareth Niblett, Chairman of the BCS Information Security Specialist Group.

Published in: Technology
  • Be the first to comment

  • Be the first to like this

BCS ITNow 201506 - Silver Bullet

  1. 1. Although vendors can have the tendency to present their technology as the silver bullet to solve your data and access management problems, it is only through integrating people, policy, process and technology that you can hope to address such a multi-faceted challenge. Technology should only be a means to an end. Be it preventing data loss, providing secure remote working, ensuring mobile payment security, applying common policy across diverse platforms, federating data sharing, or assuring end-points and supply chains, a holistic top-down approach is required, rather than a traditional IT-driven bottom-up one. The organisation’s culture and risk management should determine the expected outcomes, driving the actions required to achieve them. Without getting the buy-in of management, staff and suppliers, and bringing along the journey, the so-called silver-bullet ends up as ammunition for corporate Russian roulette. There then needs to be a clear understanding of the policies required to support the organisation’s desired outcomes, aligned with its risk appetite, which translate into the ‘rules’ that should be applied, through process, procedures, or technology. Some risks can also be managed through contracts and insurance. Only once the above is in place, and INFORMATION SECURITY there are empowered and trained people in place, who understand the risks and means by which the organisation intends to treat them, can a technical solution be put in place. The solution should consider and address all end-to-end technical and non-technical threats and exposures. When it comes to choosing technology solutions, don’t shoot yourself in the foot says Gareth Niblett, Chairman of the BCS Information Security Specialist Group. Information Security Specialist Group (ISSG): www.bcs-issg.org.uk Information Risk Management and Assurance Specialist Group: www.bcs.org/groups/irma BCS Security Community of Expertise (SCoE): www.bcs.org/securitycommunity FURTHER INFORMATION doi:10.1093/itnow/bwv037©2015TheBritishComputerSocietyImage:iStock/152126875 22 ITNOW June 2015 SILVER BULLET that your ENTIRE ORGANISATION is secure. It takes a FULLY TRAINED TEAM to ensure Download to learn more.cert.isc2.org/infosecpros INSPIRING A SAFE AND SECURE CYBER WORLD. IT pros with information security skills have never been more in demand. Security isn’t just the responsibility of information security leaders.

×