The science, and sometimes art, of logical business information security.
Information security has had to evolve at a rapid pace to keep up with threats and attackers. In a relatively short space of time our defences have advanced from traditional signature-based prevention to behavioural-based detection, and they need to continue to adapt to meet tomorrow’s challenges. In the future, digitisation, machine learning and autonomy will be both allies and adversaries, requiring us to be on the front foot to deliver effective security solutions.
The principles of information security and risk management are no different to those of other security disciplines. The unique challenge lies in the vast range of forms data and information take when at rest, in motion or being processed. Technology provides multiple avenues and vectors both to reap the benefits of information and to exploit it. Society is relentless in its hunger to evolve the manner in which we obtain, absorb and share information, often without perceiving the negative effects of such innovation. Knowing and understanding your information is the first step in being able to manage and secure it effectively.
When it comes to risk management, be pragmatic, know your business and its operating environment, but always ask “what if…” and facilitate open and honest dialogue. Understand the tension between operations and risk and address it rather than hide behind it. Risk management is only effective when trusted relationships, mutual respect and knowledge are unified by a common goal. Today’s organisations are too complex for a single unit or team to manage risk effectively, so collaboration between assurance and risk management functions (business unit risk management, information security, internal audit, etc.) is the key to success.
Posts on this site are my own opinions; references are provided where relevant. Drop me a comment if you would like to discuss anything further.
Follow me on Twitter @rob_bainbridge