Strong security management can help overcome the security challenges presented by the complex, hybrid environments of today.
So said Art Coviello, president of RSA and executive vice-president of EMC, speaking at the RSA Conference being held in London this week.
He added that the security landscape has also become more complicated due to the growing number and sophistication of cyber threats. The myriad available solutions further compound the problem, said Coviello, adding there is a “dangerous” lack of visibility which leaves companies open to attack.
Ultimately, he said, a good security management system should allow the right people access to the right information over a secure infrastructure.
Tom Heiser, chief operating officer at RSA, said organisations should embrace risk-based compliance and have the confidence to focus on the most important assets.
The key, he said, is to avoid costly, unintended consequences. He said there are several points organisations should consider when aligning their security management strategies to the increased demands of compliance.
Firstly, he said, organisations should establish an enterprise controls framework. “To do this, organisations must create controls across the organisation aligned to the business needs and regulatory requirements.
“Organisations also need to set or adjust their threshold for controls. To do this, they must decide on the correct level of controls, bearing in mind the current industry standard, to be in line with the legal requirements.”
Next comes streamlining and automating compliance processes. “This involves writing an enterprise governance, risk and compliance strategy that takes into account all the information needed to manage risk and compliance and give a clear view into the controls.
“Fortifying third-party risk management is the next step. Focus on comprehensive third-party strategies that focus on diversification, due diligence, rigorous contractual requirements, consequence management and governance,” added Heiser.
He said following this, the compliance and business agendas must be unified. “Compliance should be 'operationalised'. Develop the structure needed to make compliance an integral part of the business, in line with the company's top-priority goals.”
Lastly, he recommended educating and influencing regulators and standards bodies. “By doing this, companies can influence regulation to avoid too-harsh rules that can destroy a business.”