Friday, 25 August 2017 10:25

Creating the Next Round of Information Security Heroes

One of the most rewarding aspects of working for RSA and in the cyber security industry is the opportunity to work alongside IT and Security leaders to address their security challenges, enabling them to enact real, meaningful change within their business. Change that reduces risk, bridges the gap between security leaders and business leaders, and enables organisational transformation.

In this series we will share stories of inspirational heroes who we have worked with. Our aim is to demonstrate how organisations can progress along their cyber security maturity journey, to enable and empower them to do so, and to help align corporate risk appetite with actual, residual cyber risk.

Many CISOs we speak with are seeking to better understand and communicate business risk, demonstrate clear ROI, and develop compelling business cases to address known areas of weakness. All while dealing with an ever-changing threat landscape and evolving compliance conformance needs.

Creating cyber security awareness and understanding at the executive leadership level by communicating in a language understood by those executives, whilst demonstrating the importance of securing the critical information assets that the business relies upon, has led to what RSA calls a Business-driven security approach.

In Australia, it is without doubt that cyber threats are now recognised as being a major risk to the success of the Australian economy: the costs of breaches continue to climb and the bad guys continue to elude preventative controls.

With the recent introduction of Mandatory Data Breach Disclosure legislation, Australian organisations with traditional cyber security programmes are now looking at advanced detection and response approaches. The key to continued success is to augment the detective controls of log-based SIEM that they already have, which over time may degrade in effectiveness as attack methods change.

Set against this landscape, it can be easy to feel that transformation is impossible and that just defending the cyber security decisions of last year is success enough. Heroes, though, find within themselves the resources to do something very different. Every journey starts with the first footstep.

In this series we will introduce three examples of how information security has not just delivered the must-have of ensuring the protection of critical information assets, but has also enabled business transformation:

●    Workforce transformation: enabling staff in a highly secure and regulated environment to enjoy the benefits of workplace mobility and modern mobile devices, while minimising risk;

●    Risk culture transformation: navigating a long-blocked path toward quantifying and articulating cyber risk in a manner that resonates with the organisation’s executives and aligns with the strategic business mission of the organisation;

●    Business transformation: creating a highly effective and forward-leaning cyber security team whose services, people and processes can be used to create a whole new line of business and set the organisation on the journey of leadership within its industry sector.

Common to these stories are two key threads –

1.    The security leaders achieved positive outcomes by first assessing their current security posture through a risk-based gap analysis allowing them to focus on actual threats that posed potential material risks to their organisations.  They have been fearless when doing so; afraid neither of highlighting deficiencies within their own fiefdoms nor of uncovering truths inconvenient to the business.

2.    They recognised that the status quo must be challenged, and that many of the assumptions of cyber security we have accepted as gospel over the last two decades need to be re-examined. They have accepted that preventative controls are not ‘defence in depth’, but rather ‘delay in depth’, and that adding further to the preventative control stack does not provide the ROI that it once did.

3.    Having started the journey of building such an approach to reducing risk, they were able to unlock hidden potentials and opportunities for the business to grow and progress on the cyber security maturity model.

In our next instalment we will delve into more detail on the security professionals we have worked with, and look at how they and their leadership teams have enabled the transformation of their organisations’ workforce. In the meantime, your journey begins with your own first step: to assess your organisation’s cyber security maturity level, assess the gaps and consider how to make those actionable changes. Completing this exercise will start you on your own first step of joining the ranks of Australia’s cyber-security industry heroes.

Want to know more?  Take the Cyber Security Maturity Assessment Survey.
