
Dec 11, 2013

Latest SBIC Report: Transforming Information Security: Future-Proofing Processes

The latest Security for Business Innovation Council (SBIC) report provides guidance on how organizations can enable new competitive advantages in their business by transforming outdated and inflexible processes that govern the use and protection of information assets. The report highlights key challenges, upgraded techniques and actionable recommendations that can be used to plan and build new processes to help organizations gain business advantage and more effectively manage cyber risks.


In this latest report, titled Transforming Information Security: Future-Proofing Processes, the Council observes that business groups within organizations are taking greater ownership of information risk management; however, outdated security processes are hindering business innovation and making it difficult to combat new cybersecurity risks. The Council offers guidance calling for information security teams to collaborate more closely with functional business groups to establish new systems and processes to help identify, evaluate, and track cyber risks faster and with greater accuracy.


The new report spotlights areas ripe for security process improvement including risk measurement, business engagement, control assessments, third-party risk assessments, and threat detection. The Council also offers five recommendations for how to move information security programs forward to help business groups exploit risk for competitive advantage:
  • Shift Focus from Technical Assets to Critical Business Processes: Expand beyond a technical, myopic view of protecting information assets and get a broader picture of how the business uses information by working with business units to document critical business processes.
  • Institute Business Estimates of Cybersecurity Risks: Describe cybersecurity risks in hard-hitting, quantified business terms and integrate these business impact estimates into the risk-advisory process.
  • Establish Business-centric Risk Assessments: Adopt automated tools for tracking information risks so business units can take an active hand in identifying danger and mitigating risks and thus assume greater responsibility for security.
  • Set a Course for Evidence-based Controls Assurance: Develop and document capabilities to amass data that proves the efficacy of controls on a continuous basis.
  • Develop Informed Data Collection Techniques: Set a course for data architecture that can enhance visibility and enrich analytics. Consider the types of questions data analytics can answer in order to identify relevant sources of data.