The changing role of information security in the enterpirse

Information security professionals believe they are moving towards a more pro-active, risk-based approach to securing their organisations and away from just IT and technology-related activities. This is one of the key findings in a study by the Information Security Forum (ISF) looking at the Role of Information Security in the Enterprise (RISE). 

Adrian Davis, senior research consultant and author of the report comments:

Without doubt, our research shows that information security professionals want to change; to become information risk professionals and true business partners to add value and shape business strategy and processes. This change will involve more than just re-labelling job functions, activities and responsibilities. Skill sets will need to change, as will the way security professionals communicate with their businesses and measure performance.

The ISF study examined where security in organisations is headed along with the security value proposition and challenges that have to be faced.  Using this extensive research work and analysis including input from over 160 senior security professionals in some 100 major ISF Member organisations from around the world, Adrian Davis and his team identified key areas of change and drivers for change, and looked at the future for information security.

Davis added:

It is clear that Information security is changing radically and will continue to change. The pressure for this comes from within the profession and from external forces such as businesses, regulators and changes in culture and behaviour.

Although differences exist between both geographical regions and industry sectors, common themes can be identified.

The Report entitled, the Role of Information Security in the Enterprise, is one of over 200 authoritative reports available free of charge to ISF Members.