Companies should prioritise their business using a strategy based on risk and reward, with the right mix of staff to achieve this.
In its third report, “Driving Fast and Forward: Managing Information Security for Strategic Advantage in a Tough Economy”, RSA and the Security for Business Innovation Council have identified the challenges for the information security sector and outlined concrete strategies for achieving more with less in 2009.
It claimed that businesses should sharpen their ability to make tough judgment calls based on risk and build repeatable processes by applying traditional operational metrics to their security programs.
It also recommended that in lean times, all security team members should be able to partner with business owners, offer alternative solutions and speak about issues beyond security.
Dave Cullinane, vice president and chief information security officer of eBay Marketplaces, said: “Especially in this current economic environment, it's more important than ever to make sure you have the right expertise on your team to make good risk/reward decisions, which will ultimately ensure you invest in the right things.”
The report also recommended creating an optimal shared cost strategy, using technology to automate manual processes and outsourcing some security functions, while planning and managing these efforts carefully to maximise benefits.
RSA president Art Coviello said: “In a tough economy, it's tempting for enterprises to rein in business innovation. However, strategic initiatives that enable revenue growth and operational transformation are more critical than ever. Security practitioners can help business leaders safely pursue the most lucrative business opportunities by understanding the risk picture and identifying the right trade-offs. At the same time, security teams must find ways to squeeze the most out of every dollar.”
Andrew Maloney, director for EMEA at RSA, said: “This addresses a common theme where there is a real shift in the security world, where we look at what the CSO should be focussing on. Also where they should be looking at security and where to make the investment, security has moved on and in this context business rules are being written rather than being followed.”