By Tom Scholtz, Gartner Inc.
Increasing cyber security threats mean most security and risk management leaders are growing their IT security teams. Hiring qualified and seasoned cybersecurity professionals has become increasingly difficult. Now is the perfect time to think differently and consider a “lean” approach to staffing, which can help alleviate this employment challenge.
Digital business has changed the risk landscape permanently. Even in the unlikely case that there are no resource constraints, scaling up a centralized cyber security function as more and more threats emerge isn’t necessarily the best way to protect organizations.
Those considering a different approach must observe the principles of digital business security:
- Evolve security teams from being protectors of all infrastructure and data into facilitators of risk-based decisions throughout the organization.
- Fully integrate security practices into the fabric of the organization, rather than bolting them on and enforcing them through a centralized security function.
- Share accountability for protecting enterprise resources with business process, application and data owners — no longer is the security team…