IT security 'should be pitched like other business enablers'

4 June 2015
By James Hayes
Mobile version
Share |
IT security could be treated like other business enablers, such as marketing

IT security could be treated like other business enablers, such as marketing

Enterprise information security chiefs could boost their chances of getting the funding they need by emulating sales and marketing budgeting practices, a security industry expert believes.

Calling on actual and projected performance figures – a technique common to other parts of the enterprise – when profiling IT security's contribution to corporate success would convey a better understanding of the role it plays in safeguarding business operations, according to Sol Cates, chief security officer at security solutions provider Vormetric.

Speaking at the Infosecurity Europe conference in London this week, Cates argued that challenging funding requests by casting IT security mainly as a cost-centre could be overturned by presenting its relevance in the same way as sales staff set financial targets and market share projections, for instance.

“Organisations are increasingly asking, 'Are we seeing a return on our security investments?'” Cates said. “It's actually time that security is viewed as a quantifiable business enabler. IT security is no longer a tax on the business, it's now an enabler of costs savings and competitive advantage.”

One of the ways that enterprise security leaders could communicate their contribution to corporate financial stability would be to model the likely adverse outcomes a data breach would have on an organisation, Cates said: “The IT security function would benefit from being more open and disclosive about the nature of threats that are targeting an organisation and by evaluating how well it can expect to perform protecting assets against those threats going forward”.

He added: “Other enterprise functions routinely present to the rest of the organisation about projected sales, possible risks and market conditions that might affect future performance. IT security activities could be presented in much the same way, highlighting success rates against cyber-attacks and the resulting benefit to the running of the business.”

Security models could classify the risks into tangible and intangible costs, Cates explained. “Tangible costs could be an item of data such as a patient record in the healthcare sector,” he says. “For example, the dark market rate for patient records is about $200 each, so that sets a baseline market value on any stolen data.” Other tangible risk costs could include reputational harm, damage to business relationships and revenue drops due to lost customers.

From a US perspective, intangible costs include class-action lawsuits mounted by affected customers or legal penalties resulting from data security regulatory compliance failures. “Most enterprises use modelling tools to fine-tune future financial performance and such modelling could also help formulate and analyse cyber-security strategy,” Cates said.

“Making enterprise security performance specifics more visible to other parts of an organisation would place it as an integral part of the company structure and also remind all staff that security effectiveness is a shared responsibility.”

Latest Issue

E&T cover image 1607

"As the dust settles after the referendum result, we consider what happens next. We also look forward to an international summer of sport."

E&T jobs

  • Spectrum Technology Analyst

    Ofcom
    • Baldock, Hertfordshire
    • £Competitive Plus Comprehensive Benefits Package

    Ofcom is the independent regulator and competition authority for the UK communications sectors and we are globally respected for the work we do.

    • Recruiter: Ofcom

    Apply for this job

  • Test Engineering Opportunities

    HMGCC
    • Hanslope Park, Milton Keynes
    • Salary offered will depend on skills and experience

    Push incredible innovations beyond their limits. Opportunities for Software, Hardware, EMC, Test and Inspection Engineers!

    • Recruiter: HMGCC

    Apply for this job

  • Development Engineer Opportunities

    HMGCC
    • Hanslope Park, Milton Keynes
    • Salary offered will depend on skills and experience

    At HMGCC, we’re the place where exceptional creativity, ground-breaking ideas and cutting-edge technologies unite.

    • Recruiter: HMGCC

    Apply for this job

  • Head of School of Engineering and Advanced Technology

    Massey University
    • Albany or Palmerston North

    This role offers an outstanding opportunity to lead and further develop a well-established and internationally recognized School.

    • Recruiter: Massey University

    Apply for this job

  • Engineering Support Opportunities

    HMGCC
    • Hanslope Park, Milton Keynes
    • Salary offered will depend on skills and experience

    Working in one of our support roles, you’ll be integral to the creation of some of the most advanced bit of kit in the world.

    • Recruiter: HMGCC

    Apply for this job

  • Programme Manager, Network Resilience

    Energy Networks Association
    • Westminster
    • Competitive salary, dependent on experience

    Co-ordinate the network resilience, emergency planning and the Single Electricity Number (SEN) work in the ENA Engineering team.

    • Recruiter: Energy Networks Association

    Apply for this job

  • Senior Engineer - Configuration

    BAE Systems
    • Surrey, Frimley, England / England, Weymouth, Dorset
    • Negotiable

    Senior Engineer - Configuration Would you like to assist the Combat System Configuration Manager in ensuring that changes to the Common Combat System design are sufficiently assessed, approved, implemented, managed and controlled in accordance with BAE Sy

    • Recruiter: BAE Systems

    Apply for this job

  • System Planning and Investment Engineer

    SSE
    • Reading
    • 37,000 - £55,000 Plus excellent benefits package - salary depending on experience

    System Planning and Investment team act as custodian of the 132kV and EHV distribution network, provide business with technical expertise.

    • Recruiter: SSE

    Apply for this job

  • Chair in Integrated Sensor Technology

    The University of Edinburgh
    • Edinburgh, City of Edinburgh

    The University of Edinburgh is one of the world’s top 20 institutions of higher education.....

    • Recruiter: The University of Edinburgh

    Apply for this job

  • Metering Engineer

    Department for Business, Innovation and Skills
    • Teddington, United Kingdom
    • £24,109 - £27,961 plus EO Electronics PE of £8,090.00

    We are now looking for a Metering Engineer to deliver RD’s In-Service Testing (IST) scheme for gas and electricity meters.

    • Recruiter: Department for Business, Innovation and Skills

    Apply for this job

More jobs ▶

Subscribe

Choose the way you would like to access the latest news and developments in your field.

Subscribe to E&T