The report details four strategies to help enterprises adapt information security programs to facilitate business innovation over the year ahead. Strategies include how to boost risk and business skills, court middle management, tackle IT supply chain issues and build tech-savvy action plans.
The Council's guidance is aimed to help enterprises face the impact of the technology adoption of cloud computing, social media, mobile and Big Data. The Council also outlines the major impacts of these trends for security teams and how to address them.
The trends are as follows:
- Cloud Computing - The accelerating adoption of cloud services is pushing security concerns. In order to meet requirements, enterprises must find ways to effectively evaluate the security controls of their providers' - which includes implementing continuous monitoring.
- Social Media- Security teams should construct comprehensive policies as well as security controls to effectively manage the risks associated with social media. A good social media risk management strategy will need to involve a multidisciplinary team.
- Mobile - The risks of mobile adoption continue to increase. Security teams will need to build strategies with the understanding that the end-point is not trusted.
- Big Data - The value of Big Data requires security teams to build out multi-year plans to properly evolve a security management model. Such plans will enable security teams to utilise Big Data to detect and effectively remediate security threats. Security teams must also be involved in any new Big Data projects from the onset in order to understand the impending risks and develop the strategies to manage them.