IT security 'should be pitched like other business enablers'

4 June 2015
By James Hayes
Mobile version
Share |
IT security could be treated like other business enablers, such as marketing

IT security could be treated like other business enablers, such as marketing

Enterprise information security chiefs could boost their chances of getting the funding they need by emulating sales and marketing budgeting practices, a security industry expert believes.

Calling on actual and projected performance figures – a technique common to other parts of the enterprise – when profiling IT security's contribution to corporate success would convey a better understanding of the role it plays in safeguarding business operations, according to Sol Cates, chief security officer at security solutions provider Vormetric.

Speaking at the Infosecurity Europe conference in London this week, Cates argued that challenging funding requests by casting IT security mainly as a cost-centre could be overturned by presenting its relevance in the same way as sales staff set financial targets and market share projections, for instance.

“Organisations are increasingly asking, 'Are we seeing a return on our security investments?'” Cates said. “It's actually time that security is viewed as a quantifiable business enabler. IT security is no longer a tax on the business, it's now an enabler of costs savings and competitive advantage.”

One of the ways that enterprise security leaders could communicate their contribution to corporate financial stability would be to model the likely adverse outcomes a data breach would have on an organisation, Cates said: “The IT security function would benefit from being more open and disclosive about the nature of threats that are targeting an organisation and by evaluating how well it can expect to perform protecting assets against those threats going forward”.

He added: “Other enterprise functions routinely present to the rest of the organisation about projected sales, possible risks and market conditions that might affect future performance. IT security activities could be presented in much the same way, highlighting success rates against cyber-attacks and the resulting benefit to the running of the business.”

Security models could classify the risks into tangible and intangible costs, Cates explained. “Tangible costs could be an item of data such as a patient record in the healthcare sector,” he says. “For example, the dark market rate for patient records is about $200 each, so that sets a baseline market value on any stolen data.” Other tangible risk costs could include reputational harm, damage to business relationships and revenue drops due to lost customers.

From a US perspective, intangible costs include class-action lawsuits mounted by affected customers or legal penalties resulting from data security regulatory compliance failures. “Most enterprises use modelling tools to fine-tune future financial performance and such modelling could also help formulate and analyse cyber-security strategy,” Cates said.

“Making enterprise security performance specifics more visible to other parts of an organisation would place it as an integral part of the company structure and also remind all staff that security effectiveness is a shared responsibility.”

Latest Issue

E&T cover image 1607

"As the dust settles after the referendum result, we consider what happens next. We also look forward to an international summer of sport."

E&T jobs

  • Skilled Electrical Fitter

    MBDA
    • Bolton
    • Competitive Salary & Benefits

    What?s the opportunity?   The Electrical Fitter will carry out manufacturing and test tasks within the electrical department in accordance with product certification procedures, defined workmanship  ...

    • Recruiter: MBDA

    Apply for this job

  • Electrical Manufacturing Technician

    MBDA
    • Stevenage
    • Competitive Salary & Benefits

    What?s the opportunity?   As a qualified craftsman with experience in electrical manufacturing, the Manufacturing Technician will report to a Team Leader, receiving day to day ...

    • Recruiter: MBDA

    Apply for this job

  • Electrical Design Engineer

    Oxford Instruments
    • Yatton, Bristol
    • Competitive salary plus excellent benefits

    We are looking for an electrical designer to join our engineering design team.

    • Recruiter: Oxford Instruments

    Apply for this job

  • Consultant Engineer (Electrical Power)

    BAE Systems
    • Cumbria, Barrow-In-Furness, England
    • Negotiable

    Consultant Engineer (Electrical Power) Would you like to play a key role in providing technical direction to the design of power systems on the Successor class submarines, which will replace the current Trident-equipped Vanguard class, currently in servic

    • Recruiter: BAE Systems

    Apply for this job

  • Electrician

    The Bristol Port Company
    • City of Bristol
    • C. £31,729 per annum plus supplements, benefits and overtime

    You’re a good team worker with a strong technical capacity – so bring your talents to a new role with one of the area’s leading employers.

    • Recruiter: The Bristol Port Company

    Apply for this job

  • Supply Restoration Team Manager (HV/SAP)

    SSE
    • Oxford, Oxfordshire
    • Salary: £37,588 to £49,645 + Car (SSE8) Depending on skills and experience

    SSE is looking to recruit a Supply Restoration Team Manager to join our existing team in Oxford.

    • Recruiter: SSE

    Apply for this job

  • Electrical Technical Lead - Global Operations, Engineering & Laboratory

    Pfizer Ltd
    • Kent

    An exciting opportunity has arisen to join a dynamic team of professional engineers, supporting the development of novel drugs.

    • Recruiter: Pfizer Ltd

    Apply for this job

  • Supply Restoration Team Manager (HV/SAP)

    SSE
    • Oxfordshire
    • Salary: £37,588 to £49,645 + Car (SSE8) Depending on skills and experience

    SSE is looking to recruit a Supply Restoration Team Manager into our office in Oxford.

    • Recruiter: SSE

    Apply for this job

  • Electronics & Control Systems Engineer

    Frazer-Nash Consultancy Ltd
    • Bristol, Burton, Glasgow, Plymouth, Warrington
    • £ Competitive + Benefits

    We are seeking talented Electronics Engineers at all career levels.

    • Recruiter: Frazer-Nash Consultancy Ltd

    Apply for this job

  • Control and Instrumentation Engineers

    Frazer-Nash Consultancy Ltd
    • Bristol, Burton, Glasgow, Gloucester
    • £ Competitive + Benefits

    Frazer-Nash is currently embarking on a period of significant growth of our electrical, electronics, control and instrumentation capability.

    • Recruiter: Frazer-Nash Consultancy Ltd

    Apply for this job

More jobs ▶

Subscribe

Choose the way you would like to access the latest news and developments in your field.

Subscribe to E&T