How Infosec Can Become a Business Enabler: Interview with: Dr Tim Redhead, Director, DotSec, a sponsor company at the upcoming marcus evans Australian CIO Summit 2013, on how organisations can ensure information security becomes a business enabler.
1. How Infosec Can Become a Business Enabler
Interview with: Dr Tim Redhead, Director, DotSec

Chief Information Officers (CIOs) need to focus on information security requirements, processes and infrastructure, rather than on products or trends, advised Dr Tim Redhead, Director, DotSec. “They should manage infosec in a way that it becomes a business enabler rather than a hindrance,” he added.

From a sponsor company attending the upcoming marcus evans Australian CIO Summit 2013, Dr Tim talks about information security, risk management, and infosec cost reduction.

What do CIOs overlook when it comes to IT security?

We have observed that when CIOs approach infosec projects with less focus on requirements-driven, infrastructural solutions, and more focus on infosec products, then they are less satisfied with the project outcome.

Why? Because when you start with a product, you essentially have a solution that is looking for a problem. Without clear requirements however, the hoped-for solution often fails to meet expectations. Under pressure, requirements analysis, design and integration-prototyping seem like up-front costs that slow down the take up of the “real” project. In reality however, these up-front times and costs are always less than the time and expense that is needed for the gap analysis and rework of an unsatisfactory or failed infosec project.

How should CIOs identify and mitigate threats and risks?

First, they need to catalogue all their assets (computers, networks, application functions, humans, etc.) and consider how each asset could be misused, disabled, lost or stolen.

Next, they should consider the risk associated with each threat, thinking about how likely it is for the various threat-agents to be able to carry out their threat in a successful attack, and consider the consequences of such attacks.

Some risks are acceptable, but CIOs must address the unacceptable risks, either by risk mitigation strategies or by transferring risk. With a prioritised list of risks, CIOs can perform a cost-benefit analysis and prioritise their next steps.

Given the current state of the economy, how can CIOs manage infosec costs better?

Infosec is always going to cost money and time, but the problems start when it either costs too much or fails to deliver in line with costs. CIOs must avoid being pushed into taking on an emerging technology because of media-driven hype about perceived cost savings.

Without careful requirements analysis, risk-assessment and planning, cost and time over-runs are inevitable. Much of the infosec industry is about selling silver-bullet products. We saw firewalls, smart cards, PKI, IDS and then IPS, VDI and now Cloud. Avoiding product-driven hype and focusing on requirements and infrastructure will help to ensure that projects do not run over-time, and that costs are therefore contained.

What future developments should CIOs prepare their organisations for?

In the infosec context, the core assets of a business are its information, and the entities that collect, store, manage and process that information. CIOs may consider planning how to secure those assets in an environment where there are fewer verifiable (internal) controls, less physical security, more (big) data, and smarter, targeted attacks.

Without clear requirements, the end result can be a failed security system
2. About the Australian CIO Summit 2013
Offering much more than any conference, exhibition or trade show, this exclusive meeting will bring together esteemed industry thought leaders and solution providers to a highly focused and interactive networking event.

www.australianciosummit.com

The Information Technology Network - marcus evans Summits deliver peer-to-peer information on strategic matters, professional trends and breakthrough innovations.

Please note that the Summit is a closed business event and the number of participants strictly limited.

Contact
Sarin Kouyoumdjian-Gurunlian, Press Manager, marcus evans, Summits Division
Tel: + 357 22 849 313
Email: press@marcusevanscy.com

For more information please send an email to info@marcusevanscy.com

All rights reserved. The above content may be republished or reproduced. Kindly inform us by sending an email to press@marcusevanscy.com

About DotSec
DotSec is a professional, independent, Australian-owned information-security organisation. DotSec was established in 1999 and
has consistently delivered solutions to customers in the financial, legal, utilities, education, transport, insurance and government
sectors.
www.dotsec.com
About marcus evans Summits
marcus evans Summits are high level business forums for the world’s leading decision-makers to meet, learn and discuss
strategies and solutions. Held at exclusive locations around the world, these events provide attendees with a unique opportunity to
individually tailor their schedules of keynote presentations, think tanks, seminars and one-to-one business meetings.
For more information, please visit: www.marcusevans.com
To view the web version of this interview, please click here: www.australianciosummit.com/TimRedhead