Friday, 16 June 2017 08:21

Is IT security getting your board's attention?

By Stephen Withers

Not all boards are taking IT security seriously. Perhaps surprisingly, some organisations don't have a security strategy, or don't see it in the context of a broader IT strategy, Centre for Internet Safety managing director Nigel Phair told iTWire.

While IT should be involved from the start in the development of a security strategy, the CISO should be part of the security function (not IT), and should be concerned with aligning security measures with the business strategy.

The CISO should report to the board and the audit committee: "it's just (another aspect of) risk," said Phair at VMware's Evolve 2017 event in Melbourne yesterday, adding that strategy, risk and governance are the board's concerns.

The board needs to make decisions at a high level, eg "is gold-plated security appropriate?", although those in regulated industries may not have much choice. Then it is the CISO's job to explain what that actually means in terms of time and cost.

Bronze or silver plating might be appropriate, but an informed decision should be made. For example, how much downtime is acceptable? One minute? One hour? One day?

The performance of Australian organisations in this regard is "pretty hit and miss", Phair said, and it's not just about the size of the business. The big banks do it well, he said, but one ASX 200 company is not on top of IT security to the degree he expected.

Establishing the ROI for IT security investments "is tough," said Phair, "with physical security you've got something (tangible)."

"IT security is a business driver that adds value," he said, but the risks have to be managed.

The growing number of commercial-grade security conferences is a promising sign, he suggested, noting that vendors are throwing money into such events at a time when people want to learn about the issues.


Stephen Withers

Stephen Withers is one of Australia's most experienced IT journalists, having begun his career in the days of 8-bit 'microcomputers'. He covers the gamut from gadgets to enterprise systems. In previous lives he has been an academic, a systems programmer, an IT support manager, and an online services manager. Stephen holds an honours degree in Management Sciences and a PhD in Industrial and Business Studies.
