APAC CIOOutlook

Advertise

with us

  • Technologies
      • Artificial Intelligence
      • Big Data
      • Blockchain
      • Cloud
      • Digital Transformation
      • Internet of Things
      • Low Code No Code
      • MarTech
      • Mobile Application
      • Security
      • Software Testing
      • Wireless
  • Industries
      • E-Commerce
      • Education
      • Logistics
      • Retail
      • Supply Chain
      • Travel and Hospitality
  • Platforms
      • Microsoft
      • Salesforce
      • SAP
  • Solutions
      • Business Intelligence
      • Cognitive
      • Contact Center
      • CRM
      • Cyber Security
      • Data Center
      • Gamification
      • Procurement
      • Smart City
      • Workflow
  • Home
  • CXO Insights
  • CIO Views
  • Vendors
  • News
  • Conferences
  • Whitepapers
  • Newsletter
  • Awards
Apac
  • Artificial Intelligence

    Big Data

    Blockchain

    Cloud

    Digital Transformation

    Internet of Things

    Low Code No Code

    MarTech

    Mobile Application

    Security

    Software Testing

    Wireless

  • E-Commerce

    Education

    Logistics

    Retail

    Supply Chain

    Travel and Hospitality

  • Microsoft

    Salesforce

    SAP

  • Business Intelligence

    Cognitive

    Contact Center

    CRM

    Cyber Security

    Data Center

    Gamification

    Procurement

    Smart City

    Workflow

Menu
    • Security
    • Cyber Security
    • Hotel Management
    • Workflow
    • E-Commerce
    • Business Intelligence
    • MORE
    #

    Apac CIOOutlook Weekly Brief

    ×

    Be first to read the latest tech news, Industry Leader's Insights, and CIO interviews of medium and large enterprises exclusively from Apac CIOOutlook

    Subscribe

    loading

    THANK YOU FOR SUBSCRIBING

    • Home
    • Security
    Editor's Pick (1 - 4 of 8)
    left
    The Organization's Responsibility for its Own Protection

    Michael Wallmannsberger, Chief Information Security Officer, Wynyard Group

    Don't Rush to Hire an Anti-DDoS Expert!

    Barry Greene, Co-founder and Chief, Technical Officer, GETIT

    Attaining the Needs of Infrastructure Investment

    Yong Chiang Neo, CIO

    Constructing a Marketing IT Collaboration

    Jenny Williams,

    The Organic Adaptability of IT

    Pedro Sttau,

    The Weakest Link Is Your Strongest Security Asset

    Christian Anschuetz, CIO & Security Practitioner, UL

    Achieving Greater Business Value with Innovation

    Denise A. Saiki, CIO& VP Enterprise Business Services, Lockheed Martin

    Using Data Analytics for Loss Prevention

    Jonathan Lowsley, CIO, ADrive

    right

    Computer Says No... How to Change the Perception of IT Security and Make it a Business Enabler

    Alex Taverner, Managing Consultant, BAE Systems Applied Intelligence

    Tweet
    content-image

    Alex Taverner, Managing Consultant, BAE Systems Applied Intelligence

    "Who gave 'them' this great overarching power to stop a project in its tracks?"

    This is just one of the frustrated complaints about IT Security teams made by their business colleagues. Yet the underlying root cause for why IT Security can be perceived so negatively in organisations is often bidirectional; business units sometimes don’t feel that IT Security has any real understanding of what they are trying to achieve, and IT Security is often engaged far too late in the piece, yet is expected to provide approval before projects can proceed. The result comes out that IT Security department often seems to act as a business inhibitor.

    In light of several well-known recent exposures to cyber events, it is worthwhile remembering IT Security is now a Board level concern and it is the risk management position the Board adopts that determines the role of IT Security in the business. Let’s face it; IT security is no longer an avoidable cost. The disciplines around getting ‘biggest bang for buck’ are not about whether to spend, but how to spend.

    "Good IT Security isn’t about  Delivering  the Most  Stringent Controls to  Minimize Risk or Only Addressing the Downsides"

    The reality, however, may be that IT Security teams aren’t given enough time to work on the project (be it an offering, service, product, solution or engagement) so they get forced into a corner – needing to make sometimes far reaching assessments of potential business impact without sufficient information and in the context of often proscriptive policy and compliance frameworks. Engaging with this team early, when a business unit first comes up with an idea or a requirement, not only helps the IT Security department, but can also smooth the transition of the project through to completion.

    This team can then properly assess potential hurdles that may come up and now has an opportunity to provide recommendations on how to get around them.

    A good, effective, open minded IT Security department will be seen as a business enabler. The business environment is increasingly regulated, with more and more compliance obligations to meet. These can be as diverse as handling credit card payments, providing services to government, or handling people’s information captured as part of a sales process. The IT Security team will not only understand these requirements, they will know how to comply with the imposts with the least effort.

    In addition, a good IT Security department may be able to identify technical upsides where it is possible to get better commercial outcomes. Good IT security isn’t about delivering the most stringent controls to minimize risk, or only addressing the downsides. IT security should also focus on how best to harness new opportunities and technologies for the advancement of the company.

    In highly regulated environments, such as banking, insurance, or anything to do with government for example, having the IT Security team helping out with pre-sales is often invaluable. The differentiator between two vendors offering a service increasingly comes down to not only how well they can meet their prospective customer’s compliance obligations, but importantly, how well they can communicate and demonstrate this to the prospective customer. This is when leveraging the IT Security team leads to sales enablement and should not be underestimated.

    IT Security teams can also help their own case by bringing awareness to the business of opportunities that fall within the organisation’s risk appetite, rather than just being reactive. It is better to have a more experienced and better credentialed IT Security team who understand the opportunities in emerging technologies than a team who only focusses solely on minimizing risk.

    Furthermore, good communication is imperative.  All IT security decisions should leverage a 'top down' approach based on company vision, strategy and objectives. In fact, security architecture frameworks such as SABSA channel enterprise architecture models like Zachman to ensure traceability from business requirements to security decisions and can be presented to business stakeholders in business terms.

    IT security is not going away. It is simply too important in today’s world. Having the top IT Security people building good rapport and mutual trust with the rest of the business is imperative. They have to earn the position of trusted advisors as well as subject matter experts in their own fields. The IT Security team needs to be a meaningful player, and active participant in the business.

    To use the old saw 'IT security is a journey not a destination'. There will always be change. There will always be new vulnerabilities. A business has to take acceptable risks and deploy mitigations where needed to ameliorate the risks which they are not prepared to accept. Understanding this equation is good IT security. So, for CIOs, and CISOs, carefully managing the message and prioritising the battles that need to be fought goes a long way to being a valued member of the leadership team.

    Computer does not need to say 'No'.

    Weekly Brief

    loading
    25 Most Promising Enterprise Security Solutions Providers
    ON THE DECK

    I agree We use cookies on this website to enhance your user experience. By clicking any link on this page you are giving your consent for us to set cookies. More info

    Read Also

    Loading...
    Copyright © 2025 APAC CIOOutlook. All rights reserved. Registration on or use of this site constitutes acceptance of our Terms of Use and Privacy and Anti Spam Policy 

    Home |  CXO Insights |   Whitepapers |   Subscribe |   Conferences |   Sitemaps |   About us |   Advertise with us |   Editorial Policy |   Feedback Policy |  

    follow on linkedinfollow on twitter follow on rss
    This content is copyright protected

    However, if you would like to share the information in this article, you may use the link below:

    https://security.apacciooutlook.com/views/computer-says-no-how-to-change-the-perception-of-it-security-and-make-it-a-business-enabler-nwid-2357.html