Contact
QR code for the current URL

Story Box-ID: 875296

IBM Deutschland GmbH IBM-Allee 1 71139 Ehningen, Germany http://www.de.ibm.com
Contact Mr Hans-Juergen Rehm +49 711 7854148
Company logo of IBM Deutschland GmbH
IBM Deutschland GmbH

Is Your Company Secure by Design? Aligning Security With Business Objectives

(PresseBox) (Ehningen, )
The principle of security by designsuggests that security needs to be aligned with business objectives. But what, exactly, does that mean and where should security professionals start? Below are some factors to consider when aligning security with business objectives.

Best Practices for Aligning Security With Business Objectives

First and foremost, given the increasingly complex regulatory landscape, organizations must ensure that their environments are in line with global privacy laws and standards. Many of these regulations impose heavy fines for violations that could impact the organization’s bottom line. To maintain compliance, security professionals must have a clear understanding of configuration items and their attributes, as well as visibility into the applications, infrastructure, data, transactions, networks, servers, clients, identities and access.

The next critical step is to perform a risk assessment based on the value of the service and assets at hand. Imagine a camera installed in a remote hotel corridor, for instance. The value of the service and the hardware itself is likely minimal, but breaching the camera could be the first step toward a widespread distributed denial-of-service (DDoS) attack. To avoid such scenarios, organizations must recognize the intrinsic value of security.

In addition to an asset’s attributes, it is important to know where assets and data are stored. Cloud storage, for example, carries its own set of risks and security implications. The cloud was a delivery model before it became a business model, and the workloads of existing services are often already hosted there. Since security starts with full visibility, it is critical to identify which services and assets are stored in the cloud.

When implementing security controls, organizations should invest in solutions based on the assumption that they will be attacked. Local security reports and public Computer Security Incident Response Team (CSIRT) data can help incident response teams prepare to deal with a data breach.

Tailoring the Security Operations Center to Business Needs

Finally, organizations should establish security operations centers (SOCs) to facilitate much of the work described above. A company without a SOC is more vulnerable to ransomware, even if it has implemented security controls. An SOC offers visibility into the enterprise and improves the speed and accuracy of incident response.

It is also important to consider which type of SOC aligns most closely with business objectives. If the SOC focuses solely on security information and event management (SIEM), for example, the intelligence it generates is less valuable than if it were integrated with a vulnerability management solution. The SOC can also be equipped with cognitive technologies to share data from a security incident, forensic capabilities to investigate an attack after it strikes and risk management tools to track the evolution of threats.

Securing Your Bottom Line

When aligning security with business objectives, critical assets and services must be secure by design. That means developing products and applications from the ground up and considering security at every step.

Due to the rapidly expanding regulatory landscape and the value of sensitive information to customers and cybercriminals alike, security is essential to any organization’s bottom line. While a data breach is virtually inevitable, ensuring security in every aspect of the business can help organizations respond more effectively. Most importantly, it provides the visibility analysts need to learn from security incidents and bolster the organization’s infrastructure accordingly.

Website Promotion

Website Promotion
The publisher indicated in each case (see company info by clicking on image/title or company info in the right-hand column) is solely responsible for the stories above, the event or job offer shown and for the image and audio material displayed. As a rule, the publisher is also the author of the texts and the attached image, audio and information material. The use of information published here is generally free of charge for personal information and editorial processing. Please clarify any copyright issues with the stated publisher before further use. In case of publication, please send a specimen copy to service@pressebox.de.
Important note:

Systematic data storage as well as the use of even parts of this database are only permitted with the written consent of unn | UNITED NEWS NETWORK GmbH.

unn | UNITED NEWS NETWORK GmbH 2002–2024, All rights reserved

The publisher indicated in each case (see company info by clicking on image/title or company info in the right-hand column) is solely responsible for the stories above, the event or job offer shown and for the image and audio material displayed. As a rule, the publisher is also the author of the texts and the attached image, audio and information material. The use of information published here is generally free of charge for personal information and editorial processing. Please clarify any copyright issues with the stated publisher before further use. In case of publication, please send a specimen copy to service@pressebox.de.