If you could take your organization's information security people, process and technology back to the drawing board would you? If so, what would you do differently?
Too many organizations spend the overwhelming majority of their time keeping the lights on and fire fighting, leaving no time for IT security innovation and business enablement. Too many organizations let legacy technology and process hold them back from embracing advancements like cloud and mobility.
If they could go back, many information security leaders we talk to would spend less on technology and spend more time on people and process. More time on basics like training end users, ensuring users have the right level of access to sensitive information, getting executive level reporting right, ensuring security events are monitored correctly, closer links with change management etc. Many would like to cut through the complexity and have good visibility into data information security operations and current risk profile.
We believe information security needs to be proactive, pragmatic and strategic. Don Smith shares his thoughts on getting back to basics in the following webcast - How to break the cycle of failure in IT Security: A Pragmatic approach.
Would it be more effective to go back to IT security basics and start fresh than to keep investing in the status quo? What would you do differently?