It's good and all to talk about making additional investments in to IT security, but budget is a concern for most organisations. If your company has a tight purse string, there are still ways to improve IT security.
Security image from Shutterstock
IT services firm Accenture, along with the Ponemon Institute, recently conducted a global study on 150 companies over a two year period to observe what businesses with effective security arrangements in place have in common. This was then split out into three components: strategy, technology and governance.
Strategy pertains to making security a top priority, technology involves using the latest tools to safeguard IT assets while governance refers to bringing in processes to strengthen a company's security posture. While strategy and technology are both likely to require monetary investment, changing up the governance side of IT security is a cost effective option, according to Accenture Asia-Pacific security lead Jean-Marie Abi-Ghanem.
He stressed the importance of having the chief security officer (CSO) reporting directly to the top executives and having control over budget and resourcing when it comes to improving IT security governance in an organisation.
"Having one person who is able to define the security program and have a say on what needs to be done is key," Abi-Ghanem told Lifehacker Australia
He also noted that organisations need to move away from a reactive, compliance-only approach and focus more on risk management to strengthen IT security.