Australian business management teams have a healthy understanding and appreciation of business risk. They are aware of policy risk from a violation and implication perspective and the lending issues of capital risk. Australian IT management teams are correspondingly across the ins and outs of technical risk. However, business management and IT management teams could almost be speaking two different languages when it comes to communicating risk to each other.
Yesterday, I shared my thoughts on the steps that I believe CIOs should consider when planning for security processes and technology standards.
Today, I wanted to outline some further thoughts that Pure Hacking has had about raising the security benchmark for Australian organisations. These ideas relate to software and ensuring that CIOs know what is being developed, implemented and tested. To put it more bluntly, you need a better understanding of what you aren’t paying for in many cases.
Australian organisations are today acknowledging, in an unprecedented way, the importance of security technologies and the investment in security infrastructure required to keep data safe. The traditional rule of thumb for investment in data security is no longer adequate. When things go wrong, ‘reasonable efforts’ by organisations and departments to incorporate minimum security needs into systems are negatively impacting the bottom line.