The economic downturn is driving enterprises to find new ways of doing business, and develop new products and services. But there are very real information security risks in business innovation, which often go unaddressed because budgets tightening and security programs are expected to accomplish more with fewer resources.
“This will be a difficult task, especially as many security departments are in the midst of making the transformation from being a siloed technical specialty to a strategic business consultancy,” said RSA in making best-practice recommendations for human resource approaches. “In this economic climate, information security must strive to be lock-step with the business.”
The Security for Business Innovation Council says that even though the human resources budget may be limited, it is imperative to have the right people on your team.
“One way to think about managing resources effectively is security capability management,” it said. “Some tasks can be managed by the business itself with the deployment of the right tools, training and standards; some will require assistance from the security team; and some will need dedicated security specialists. The trick is selecting the right people for the right jobs. To achieve coverage across the enterprise, build an extended team of internal and external resources.”
The other recommendation from RSA and the Security for Business Innovation Council is to distribute and decentralize security capabilities by finding security “delegates” or “proxies” out in the business lines who have an aptitude and an interest in security and can be trained in technology risk controls. These delegates will not only increase efficiencies and hasten security responses, but also help to put more ownership of security on the individual businesses.
And, of course, having a dedicated C-level security officer is a key resource management decision for any large enterprise. To that end, at Xerox, Leary will be responsible for the information security and governance strategy to protect Xerox intellectual property, assets and client information.
"Our customers put their trust in Xerox to simplify operations and secure the volumes of information we manage for them," said Carol Zierhoffer, CIO at Xerox.
Leary joins Xerox from TASC, where he was vice president and chief information security officer. Previously, he was director and deputy chief information security officer for Northrop Grumman, and earlier held positions in the U.S. Army Military Intelligence Corps and the Special Operations Forces.