Security is changing for the better, but if you do not change, you are doomed, as the next industrial revolution is upon us.
In the closing keynote at the Gartner Security and Risk Management system, Gartner managing vice president F. Christian Byrnes said that the current state of security is promising for professionals. A survey of 900 security staff across the USA, Canada, Germany, the UK, Brazil and India, conducted between March and April 2014, showed that boards of directors understand security: 70 per cent say risk management data influences decisions and 57 per cent have formalised a risk steering committee or an advisory board.
In terms of information security getting some respect, the research found that 85 per cent of businesses have a dedicated team, but Byrnes pointed out that 15 per cent do not. “They leave it to endpoint guy or some guy with coding skills,” he said. “My primary practice is working with newly appointed CISOs. We found that 29 per cent of organisations have top-level sponsorship of security.”
He said that what was better was that security as a profession was getting more respect, as we deserve more respect! Research found that programs have someone for compliance (83 per cent), a charter (80 per cent), a formal information security architecture (72 per cent), defined and documented security processes (84 per cent), a formalised approach to security process improvement (77 per cent) and a process to integrate security requirements into the application development lifecycle (76 per cent). “You deserve respect and get it,” he said.
He said that the most common call from clients is how to hire a security analyst or CISO; that they had done everything to find people and could not get anyone to apply for good jobs that are well paying and in a good location. This was leading to head-hunting of staff who were happy in their jobs.
He said: “Things are getting better, but not changing rapidly. Maturity levels have changed, but are consistent year on year. The right policy gets you to the right risk residual place, but that is not one that locks everything down.
“The upcoming transition is the most dramatic change in information technology ever. All changes are difficult – this will be worse. We are experiencing the third industrial revolution and it coincides with economic impact, and as we enter the final phase, computing will have more of an economic impact and change how economies work, more than in the last 60 years.
“The only handle we have is a Nexus of Forces that is forcing this change and we have to deal with it. If you don’t have a security architecture that you adhere to, you are doomed. Think of a first year tactical plan with a deliverable to define success, and commit to deliver something by the end of each quarter, and define your own security and ability to succeed.”