
InfoSec: Understanding business goals is key to embedding company-wide security practices

Matthew Finnegan | April 26, 2013
Too many rely on security tools as a "panacea"

Also speaking at the InfoSec event at Earl's Court in London, as part of a panel discussion on 'Changing perceptions: Embedding information security in the business', James McKinlay, head of information security at Manchester Airport Group (MAG), highlighted the need for information security staff to "build bridges" with other parts of the organisation and evolve their role within a business.

"Getting involved with people all the way across the business really helps your case when you want support for changing things and getting over the resistance to change," he told an audience of press and other heads of security.

"The world needs to move on from thinking about information security as being computer security. Information security is much wider and has to build bridges with the business."

He added that a more strategic approach in line with other business priorities is needed to ensure information security staff are able to influence risk management across an enterprise: "I don't believe enough people who are leading an information security function have set out a strategy in the style of a paper that has been agreed by the IT director, risk director and laid a business plan aligned to the business goals."

"If you are in a larger organisation it will have a mission and a vision, you should really adopt that sort of approach and put it in a strategy paper. I think this is a great way of getting information security embedded in your business practice."

 
