Effective security requires winning hearts and minds, says Colette Hanley, head of information security compliance at online communications brand Skype.
What does it mean to be a well-rounded professional in information security today? “The complex challenges we face on a daily basis require information security professionals to not only have the most current technical knowledge, but also to recognise that effective security cannot be practised in a vacuum,” asserts Skype's Colette Hanley.
“The increasing need for security to be agile and responsive requires information security professionals to understand and be part of the bigger picture in their organisation. This is the only way we can propose pragmatic solutions to the business,” she adds.
Securing this kind of involvement calls for more than just technical skills. Hanley advocates the ability to listen as a precursor to a “winning hearts and minds approach” to security.
“A collaborative approach allows the organisation to appreciate the role that security plays in contributing to smooth business operation, not stifling innovation but supporting it. Without this common ground, security requirements may have to be enforced uniquely through policy mandate, which is a double-edged sword since the business may achieve compliance, but you aren't encouraging a ‘security reflex' to develop.
“By promoting a secure way of thinking, the business becomes sensitive to security issues and there is a greater likelihood that teams will solicit the guidance and advice of the infosecurity department, allowing us to work together towards the best outcome from the start.”
Recognising the challenges stakeholders face enables the infosecurity department to shape communications and suggest solutions that are both effective and palatable to the business. “If the message makes sense to the audience, implementation is one step closer,” says Hanley.
She notes that keeping pace with the external environment within which the business operates is equally vital. “Regulation is evolving and while infosecurity professionals don't need to become lawyers, they must cultivate an appreciation for how new rules impact their business, and determine who within the business should be aware of them.
“Seminars and briefings by industry leaders are a great way to gain perspective on new developments. Such events give access to cutting-edge thinking, which can then be adapted for use by infosecurity professionals.”
Kingston University London's Dr. Christos Politis notes: “Security is touching every aspect of our lives. To combat security threats, we must deliver knowledge to students that is the latest and state-of-the-art. At Kingston, we are doing this by adopting research-enforced teaching and learning. This approach helps us equip our students with the most advanced security-related knowledge so that they make a real difference when they enter employment.”
The university offers post-graduate courses in networks and information security, wireless communications and networks and data communications.
The Wireless Multimedia and Networking Research Centre at Kingston regularly feeds its findings into the curriculum. The most recent example is an EU-funded research project on extreme emergency security infrastructures. The results of the research on cryptography, network and secure and dependable computing have been incorporated into the university's courses.
“We are always enhancing our curriculum and teaching methods to deliver the best possible education,” says Politis.