A new research report released recently by RSA, the security division of EMC, has disclosed that a ?forward-leaning? security program should start with the formation of a next-generation information security team that can tackle cyber risks in today?s global enterprises.
The report titled, ?Transforming Information Security: Designing a State-of-the Art Extended Team,? argued that information security teams must evolve to encompass skill sets not typically seen in security, such as business risk management, law, marketing, mathematics, and purchasing.
The information security discipline must also embrace a joint accountability model in which responsibility for securing information assets is shared with the organization?s line of business managers and executives who are beginning to understand that they ultimately own their own cyber risks as a part of business risk, it said.
Many of the advanced technical and business-centric skills needed for security teams to fulfill their expanded responsibilities are in short supply and will require new strategies for cultivating and educating talent, as well as leveraging the specialized expertise of outside service providers, the reported added.
To help organizations build a state-of-the-art extended security team, the security chiefs drafted a set of seven recommendations, which are detailed in the new report.
1. Redefine and strengthen core competencies ? Focus the core team on increasing proficiencies in four main areas: cyber risk intelligence and security data analytics; security data management; risk consultancy; and controls design and assurance.
2. Delegate routine operations ? Allocate repeatable, well-established security processes to IT, business units, and/or external service providers.
3. Borrow or rent experts ? For particular specializations, augment the core team with experts from within and outside of the organization.
4. Lead risk owners in risk management ? Partner with the business in managing cybersecurity risks and coordinate a consistent approach. Make it easy for the business and hold them accountable.
5. Hire process optimization specialists ? Have people on the team with experience and certifications in quality, project or program management, process optimization, and service delivery.
6. Build key relationships ? Develop trust and influence with key players such as owners of the ?crown jewels,? middle management, and outsourced service providers.
7. Think out-of-the-box for future talent ? Given the lack of readily available expertise, developing talent is the only true long-term solution for most organizations. Valuable backgrounds can include software development, business analysis, financial management, military intelligence, law, data privacy, data science, and complex statistical analysis.
The contributors to the report include 18 security leaders from some of the largest global enterprises:
ABN Amro
ADP
Airtel
AstraZeneca
Coca-Cola
EMC
FedEx
Fidelity Investments
HDFC Bank
HSBC
Intel
Johnson & Johnson
JPMorgan Chase
Nokia
SAP
Telus
T-Mobile USA
Walmart
