Steven Sim: One of the areas which I think all IT security leaders have to look at in terms of stakeholder engagement is being able to translate and bridge the gap between technical risk and business risk.
Business and system folks must involve IT security right from the start of any project to understand the risks involved so that stakeholders can make well-informed decisions. Using this approach, whether it's moving to the cloud or setting up a smart office, security risks including shadow IT setup and poor IT security practices can be mitigated.
Fundamentally we have to show that IT security is a business concern and not here to be show-stoppers. We have to optimise risk. There's always good business risk and bad, so it's important for business or system owners to be informed right from the start to allow for well-informed decisions in order to optimise risk.
Sign up for CIO Asia eNewsletters.