Information security is still in its formative years. But, as executive leaders' understanding of the need to integrate security strategies into their business plans matures, the IT security professional's role presumably expands in importance. As it turns out, such an evolution is happening in some organizations. At least that's the consensus of SC Magazine's editorial advisory board members.
During a recent meeting, board members and staff met to discuss the industry overall, which has seen most CISOs suffer drastic budget cuts as the economy began to tank early in the year. According to one of our board members, this has led to head count reduction, drops in product license renewals and abandoned projects. Those not hit as hard have played it safe, hoarding money as the overall corporate goal for the first of the year has been simply to survive.
Although signs of recovery are appearing now, IT security leaders are still cautious. And it is exactly because of these lingering financial challenges that some CISOs are working not only efficiently and effectively, but also in more pioneering ways. Not so long ago, if a company even had information security specialists on staff, they often deployed basic security tools to address network vulnerabilities. Soon thereafter, some pros began looking to the FUD (fear, uncertainty and doubt) argument to get funding for larger, more holistic projects. Then, as companies began coping with regulatory demands, security started getting treated as a business enabler.
This is the stance of most organizations now, but there's a more advanced view of information security and its place in the organization that is emerging. CISOs are looking to understand how the business is going to transform in the next few years and how the protection of the systems that will support these goals can be incorporated well before they're deployed. To accomplish these ends, these CISOs are interfacing with their CEOs, COOs and CFOs more frequently.
Such steps forward in integrating security with business initiatives years in advance of their actual implementation imply a change in the role of the CISO that is long overdue, and indicate that these pros are gaining stronger political clout in their businesses that is neither easily attained nor supported. While such transformations are not widespread yet, they could be. And this progression of the IT security pro's role, along with some small but promising signs of an economy that may be on the mend, prompts optimism in the skeptic – albeit guarded with the hope that it isn't too rash.