Jeimy J. Cano M., Ph.D, CFE
The role of information security should not detract from the evolution of business models. Information security must read, understand and motivate a proactive move to protect the value of the company and anticipate emerging risk. In this context, information security teams should understand the digital mastery needed
to consolidate the business and understand what the management expectations are regarding the transformation of the enterprise IT.
In the current ecosystem of content and possibilities, organizations demand a more flexible view of information security, practical rules to promote security and use agreements founded on the impacts of possible breaches of information security. This flexible view is preferable to having rigid IT security procedures and security and control guidelines. In this understanding, information security executives should orient based on business decisions, not security ones. That is, information security teams should have an understanding of how to leverage a more reliable operation and secure actions while keeping the enterprise goals in mind.
If the organization is challenged to conquer and expand into new territories to create new value and growth options, information and IT will be the basic elements to motivate this transformation. Consequently, there will be greater exposure and demand from the company management to develop proposals for changes, which can help enterprises capitalize by quickly taking calculated risk in a changing context.
In an ongoing review of the role of information security, it is necessary to create breaks—moments of truth to observe emergent situations. These can be an opportunity to develop distinctions, establish and indicate new patterns and emerging reflections about the environment. It is important to incorporate changes and make them part of the ongoing review exercise and to develop new strategic, tactical and operational practices that will enable that function. An ongoing information security review is about more than teaching others what they do not know; it is about helping them shape their actions to keep information security principles in mind.
Read Jeimy J. Cano’s recent Journal article:
“The Information Security Function: Current and Emerging Pressures From Information Insecurity,” ISACA Journal, volume 6, 2014.