With an ever-increasing awareness and exposure of a company’s information assets, it is important for enterprises to define, identify, and align business and security capabilities in order to reduce the risk of security breaches and incidents.
Businesses are accelerating their adoption of technologies in an attempt to increase productivity, improve customer satisfaction, and expand market presence, while security organizations utilize industry-accepted practices to organize and protect corporate assets. Without alignment:
Mobile commerce makes it difficult to secure personal and financial data, and speed to market circumvents strict policies, management, diligence, understanding and awareness
Internationalization of the business community (through commerce and sourcing) broadens an enterprise’s exposure
Adoption of Internet, mobility, social media, and cloud capabilities is straining the CISO’s ability to provide a secure environment
Regulatory compliance requirements (HIPAA, Sarbanes-Oxley, PCI and PII) challenge corporations in securing corporate data
Technology advances require renewed emphasis on architectures, infrastructure, security tools, policies, and compliance procedures
High value chain analysis is performed in order to bring security and business into alignment. This will maximize the protection of corporate assets and reduce risks:
Starting with high-level functions, the business capabilities are documented, prioritized and then validated with key stakeholders
The business functions are then mapped to current capabilities, and both gaps and redundant competencies are documented
Recommendations to eliminate the gaps are also provided as a basis to build action plans required to reduce or eliminate corporate risks.
Security requirements are reviewed, prioritized, and aligned with business initiatives
Security costs are rationalized directly to business objectives and requirements
Establishing an integrated/repeatable process keeps security and business aligned