dinsdag 3 december 2013

John Colley: What's needed for effective security


John Colley, Managing Director of (ISC)2 EMEA regularly publishes on Infosecurity Voice. His latest post claimed that “governance, risk management and compliance are not enough on their own”.
In the past few years, staffing, talent search and development have become increasingly significant to all industries and IT security is no exception. Given the importance of the matter, senior security executives should take the time and extensively  scrutinize new talent.
Without new talent and further development of existing personnel in the IT security field, you may have to deal with very serious consequences. Since cyber security challenges are rapidly-evolving alongside the non-stopping emergence of new technologies, companies and IT security professionals must try very hard to stay ahead of the curve.

According to a new report released by (ISC)2, based on responses from more than 1,600 c-level executives globally, the senior C-suite is aware of the security threats, but because they are busy reacting to organisational and compliance requirements, they cannot find the time to put adequate measures in place to effectively deal with security issues. 
Governance, risk management and compliance (GRC) policies take up nearly 3/4 of senior security executives’ time; especially in the fields of financial services, banking, insurance and government.
About the Author:        
Sarah writes for Firebrand Training on a number of IT related topics. This includes exams, training, certification trends, project management, certification, careers advice and the industry itself. Sarah has 11 years of experience in the IT industry.