Global Security Chiefs Offer Five Recommendations to Overhaul Outdated Information Security Processes

RSA Releases New Report from the Security for Business Innovation Council

RSA, The Security Division of EMC (NYSE:EMC), recently released the latest Security for Business Innovation Council (SBIC) report, providing guidance for how organizations can enable new competitive advantages in their business by transforming outdated and inflexible processes that govern the use and protection of information assets. The report highlights key challenges, upgraded techniques and actionable recommendations that can be used to plan and build new processes to help organizations gain business advantage and more effectively manage cyber risks.

In this latest report, titled Transforming Information Security: Future-Proofing Processes, the Council observes that business groups within organizations are taking greater ownership of information risk management; however, outdated security processes are hindering business innovation and making it difficult to combat new cybersecurity risks. The Council offers guidance calling for information security teams to collaborate more closely with functional business groups to establish new systems and processes to help identify, evaluate, and track cyber risks faster and with greater accuracy.

The new report spotlights areas ripe for security process improvement, including risk measurement, business engagement, control assessments, third-party risk assessments, and threat detection. The Council also offers five recommendations for how to move information security programs forward to help business groups exploit risk for competitive advantage:

  1. Shift Focus from Technical Assets to Critical Business Processes
    Expand beyond a technical, myopic view of protecting information assets and get a broader picture of how the business uses information by working with business units to document critical business processes.
  2. Institute Business Estimates of Cybersecurity Risks
    Describe cybersecurity risks in hard-hitting, quantified business terms and integrate these business impact estimates into the risk-advisory process.
  3. Establish Business-centric Risk Assessments
    Adopt automated tools for tracking information risks so business units can take an active hand in identifying danger and mitigating risks and thus assume greater responsibility for security.
  4. Set a Course for Evidence-based Controls Assurance
    Develop and document capabilities to amass data that proves the efficacy of controls on a continuous basis.
  5. Develop Informed Data Collection Techniques
    Set a course for data architecture that can enhance visibility and enrich analytics. Consider the types of questions data analytics can answer in order to identify relevant sources of data.

Executive Quotes:

Art Coviello, Executive Vice President, EMC, Executive Chairman, RSA, The Security Division of EMC

“For the enterprise to successfully innovate in today’s digital world, security teams must re-evaluate cyber risk management efforts, steering away from reactive, perimeter-based approaches that are inflexible and focus instead on proactive collaboration with the business. Updated processes as described by the Council can help organizations achieve a greater visibility of risk that can be harnessed to benefit the business.”

Dave Martin, Vice President and Chief Information Security Officer, EMC Corporation

“Documenting business processes has to be a collaborative effort, to accurately reflect what the risks are to the system. We’ll never understand the business value of the information to the same degree as the business owner, and they’ll never understand the threats to the same degree as the security team.”

About the Security for Business Innovation Council

The Security for Business Innovation Council is a group of top security leaders from Global 1000 enterprises committed to advancing information security worldwide by sharing their diverse professional experiences and insights. The Council produces periodic reports exploring information security’s central role in enabling business innovation. This report is the second in a three-part series on building a next-generation information security program. The first report was titled Transforming Information Security: How to Build a State-of-the-Art Extended Team.

Contributors to this report include 19 security leaders from some of the largest global enterprises:


ABN Amro

ADP, Inc.

Airtel

AstraZeneca

Coca-Cola

eBay

EMC Corp.

FedEx Corp.

Fidelity Investments

HDFC Bank Ltd.

HSBC Holdings plc.

Intel

Johnson & Johnson

JPMorgan Chase

Nokia

SAP AG

TELUS

T-Mobile USA

Walmart

About RSA

RSA, The Security Division of EMC, is the premier provider of security, risk, and compliance-management solutions for business acceleration. RSA helps the world’s leading organizations succeed by solving their most complex and sensitive security challenges. These challenges include managing organizational risk, safeguarding mobile access and collaboration, proving compliance, and securing virtual and cloud environments.

Combining business-critical controls in identity assurance, encryption & key management, SIEM, Data Loss Prevention, and Fraud Protection with industry-leading GRC capabilities and robust consulting services, RSA brings visibility and trust to millions of user identities, the transactions that they perform, and the data that is generated. For more information, please visit www.EMC.com/RSA.

###

RSA and EMC are either registered trademarks or trademarks of EMC Corporation in the United States and/or other countries. All other company and product names may be trademarks of their respective owners.
