Stakeholder concerns key to infosec success

By Fay Humphries, Events programme director
Johannesburg, 15 Apr 2015
The core skill missing in the industry is 'business skill', says Kris Budnik, MD of Slva Information Security.

Information security professionals looking to safeguard their enterprises must invest effort into understanding what matters to their stakeholders.

So says Kris Budnik, MD of Slva Information Security, who notes they need to do this "not just from an information protection, compliance or risk perspective, but from an overall strategy and business priority perspective".

Tapping into their stakeholders' key concerns will prove invaluable for infosec practitioners aiming to get approval for their infosec initiatives and support from the business when these are being implemented. "One of the biggest obstacles is making the assumption that everyone in the business cares about information security as you do," says Budnik.

Budnik will present at the upcoming ITWeb Security Summit 2015, which takes place at Vodacom World in Midrand next month. His talk will cover how best to embed security as an integral part of the business, and he will take a critical look at current best practices.

"I have a real problem with best practices, eg Cobit or ISO 2700x, etc. The issue is that such best practices are being adopted without really spending the time determining where an organisation's real issues lie."

He points out these practices are being used as a substitute for risk analysis and, therefore, applied blindly.

"The bad thing is that these practices are designed to cater for a broad range of needs, and when applied without proper needs analysis, businesses land up basically applying a veneer over a very broad range of security topics, as opposed to going deep into issues that pose real security threats to the organisation," he explains.

"I am becoming convinced the core skill that is currently missing in the security industry is 'business skill'. Technically, we all know what we need to do, but our stakeholders cannot relate to us."

To access Budnik's presentation, along with those from over 30 other subject matter experts at this 10th annual event from ITWeb, click here to find out more and to register.
