An enterprise’s IT and cybersecurity departments want the same thing: for systems to operate both efficiently and securely. However, they begin to diverge when things break down, said Brendan Williams.
The cybersecurity adjunct professor at the University of Dallas spoke with SC Media Deputy Editor Bradley Barth during an SC Media eSummit.
IT people often take the view of “If it ain’t broke, don’t fix it,” Williams explained, because doing something to a system introduces a change, which could affect the uptime and security of that system. On the other hand, the security team wants to shut things down if something unusual is detected, which affects IT’s uptime.
To meet the needs of both teams, Williams recommended solid documentation for problem discovery, framing and solving so that “you’re taking a ready, aim fire approach as opposed to a ready, fire, aim approach.”
Ultimately, he said the IT and security departments must work together to prevent attacks and they must partner to create a system of accountability and timeframe to resolve underlying security issues.