
New guidelines aid organisations in improving security teams


In light of evolving cyber crime, hacktivism and insider threats, the Security for Business Innovation Council (SBIC) – an independent group of security experts from Global 1000 enterprises – has released a report on what it takes for an organisation to create an elite security team (PDF).

Made public on Monday, this first of three reports outlines in seven steps what it takes to improve an organisation's cyber defence squad, beginning with cross-training of employees and simultaneous interaction between business and security efforts.

“Process optimisation and process management doesn't exist in the IT realm,” Eddie Schwartz, CISO with computer and network security company RSA, told SCMagazine.com on Friday.

Schwartz said that IT people need to abandon the top-down approach of going straight to the executive level and, instead, engage all levels of an organisation, including upper management, middle management and even the lower levels, such as training programs.

“Part of building a team is leveraging abilities throughout the organisation and finding people with fine-tuned skills who can bring expertise into the business,” Schwartz said.

When asked what the incentive is for people to take on additional responsibilities and if employees would be receptive to cross-training, Schwartz pointed to an availability of positions in the IT realm and higher salaries as encouraging factors.

“It's a cool field,” Schwartz said. “I'm protecting the enterprise, it's exciting, there's no mundane quality to it. I think that resonates with people.”

The SBIC recommendations also encourage businesses to have their primary IT security teams focus on cyber risk intelligence and security data analytics and management, while delegating everyday operations to other experts within the operation or established third-party service providers.

“The old-school mentality is that you have to do it all yourself, but the truth is that many service providers do a great job and [can even] do it better,” said Schwartz.

Serious cyber crimes date back as far as a decade, so what has held up implementation of these strategies? Allocation of budgets and other organisational priorities have long been part of the problem, according to Schwartz.

“IT budgets are lower,” he said. “In many industries, IT is now 10 to 15 per cent of the budget. As you see those budget increases, a percentage of that is human support of technology, of analytics and of compliance. You have to staff up to meet that need.”

Another component is the lack of adequately educated technical people who are up to date with a security field that is growing increasingly complex.

Looking to the future, the experts with SBIC are seeing this global shortage of particularly good IT people, and Schwartz suggested a long-term solution that involves working with universities and programs to encourage people to choose cyber security as an industry.

“A decade ago, a small handful of universities had [cyber security] undergraduate or graduate programs,” said Schwartz. “Now there are 40 or 50 that have it – and more that have courses, at least. But it'll take a number of years before we get to where we need to be as far as education and the IT workplace [is concerned].”
