Jim Tiller, VP – Security Professional Services, North America, BT Global Services
Returns from security investments are not your typical one dollar in, two dollars out model. But this does not mean that security investments cannot demonstrate value to the business.
Maximizing returns is less about traditional risk versus investment strategies and more about ensuring the operational integrity of security activities. Businesses demand more bang for the buck and less waste, and require that every penny spent have a positive influence on the business mission.
Here are some tips to help security demonstrate value:
- Enable the business – Although security investments are applied to protect the business through reducing risk or achieving compliance, many will also have an impact on business processes. The goal is to find security solutions that have a positive influence on those processes: solutions that demonstrate savings, enhance the quality of the process, or reduce barriers for the business to attack new opportunities.
- Waste not, want not – Companies today appreciate the importance of information security and will invest when there is a clear plan, as well as a sharp focus on effectiveness. Today’s CSO should be spending as much energy on demonstrating effectiveness and efficiency in spending and the employment of resources as on expressing traditional security metrics. Businesses want to be secure. However, reporting only on security metrics will not satisfy executive demand to know how well dollars were applied operationally.
- Focus on the disease, not the symptom – Security is typically in a reactive, fire-fighting state, and recent reductions in workforce – thanks to the economy – have strained many security groups. As tough as it may be, focus efforts on core issues and export day-to-day, tactical activities to partners. For example, outsource vulnerability testing to free internal resources to reduce future vulnerabilities through comprehensive interaction with development groups and IT. Over time, investments in managing systemic security issues will lead to greater environmental integrity and agility.
Historically, security groups have been focused on reducing risk and ensuring compliance. However, moving forward, security groups must also be keenly focused on operational efficiency to prove that investments are being applied wisely, are aligned to business goals, demonstrate added value to the business, and are tracked and managed in the same fashion as traditional risk and compliance management.
