Tip

Top 5 factors for IT team security

Anecdotal studies have shown that the following five factors contribute to your organization's security. How many describe your team?

5. Executive ownership: Sponsorship and ownership differ dramatically. Effective security

    Requires Free Membership to View

is a cultural choice, and teams that experience executive ownership of security succeed because the executive is not just involved as a sponsor, but is also committed as an owner. A sponsor cheers from the sidelines, while an owner takes the ball over the line.

4. Consult, collaborate and cooperate: No single organization can do it all, especially in IT. Many teams are too focused on delivery, moving too fast and responding to too many market or business pressures. Having a consultative attitude when working with the security team opens the door to advice, support and sometimes even staff. Being open to help means help will come. Confucius might have once said, "An open hand works both ways -- it gives, but it also receives" (and if he didn't, he should have).

3. Attitude of continuous improvement: Good enough is not good enough in a security-conscious organization. Focusing on a compliance bar develops a reactive security program. By continually pushing beyond "good enough," companies build proactive security programs that cost less and provide more value than reactive, compliant programs. Instead of a major retooling when regulatory or industry compliance frameworks change, the proactive team security program adapts quickly. Think of Bradley Wiggins (winner of the 2012 Tour de France). Two years earlier, he was a dedicated track cyclist with three world championships. Now he's the first Brit to win the event, and he did it in only a few years of training.

2. Process has its place: Developers love Agile because it doesn't feel heavy-handed, but Agile is a process (just don't tell the development team). That's the key to Agile's popularity -- and to its success. It has just enough process to be effective and efficient. Security comes with its own process, and successful teams are committed to implementing effective processes, even when they may seem unimportant or don't obviously contribute to the team's vision. All-star basketball players may sink the winning shot at the buzzer on Friday night, but Monday morning they're back in the gym practicing free throws, because they know the little things contribute to the big wins.

1. Security is a choice: Internal commitment plays a significantly larger role in effective security than external compliance. This is because, after all of the administrative and technical controls are purchased, installed, configured or published, it's still people who make or break your security. Developing a culture of security is very different from developing a culture of compliance, and it pays off in spades. Going through the motions might get a racing team to Indianapolis, but commitment to excellence is required to beat the competition.

This was first published in February 2013

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.