Archives ||About Us || Advertise || Feedback || Subscribe-
-
Issue of November 2004 
-

[an error occurred while processing this directive]

  -  
 
 Home > Security Strategist 2004
 Print Friendly Page ||  Email this story

The Strategist's a thinker

At the heart of a Security Strategist is a thinker. He/she balances business and technology, and has the ability to convince the higher management and the floor-level personnel about the criticality of security.
S B Patankar
Director Information Systems,
The Stock Exchange

A Security Strategist is a special person in an organization. I say special, because the most essential quality of a Security Strategist is that he/she should be a thinker.

The person should know the business and the technology nitty-gritties, equally well. The strategist should have the capability and skill to create awareness among personnel at the highest and lowest level so that there is unanimous approval to implement a security infrastructure.

A complete security strategy?

No person or object is perfect in the world, and thus no security strategy can be completely foolproof. One has to recognize the importance of security in an enterprise in relation to the applications being used. And based on this, the Security Strategist has to create a strategy, build a policy, and make sure they are implemented.

Technology is just part of the solution. The Security Strategist has to work out means to connect the benefits of technology to the security needs of the business, and make sure that the solution will be implemented properly.

Risk mitigator

A Security Strategist has to be a person who can mitigate risks. It is important for the Strategist to analyze the business processes of the organization. By doing so, the Strategist can calculate the amount of potential risk and threats to business.

The Strategist must then plan and deploy risk mitigation mechanisms that can best counter the perceived risks. The mechanisms should be just the right amount so that the security architecture is not under-done or overdone.

As it is necessary not to build a weak security mechanism by restricting the budget, it is also necessary not to overdo the deployment of security architecture.

A combination

Security is a combination of technology and people, and the Security Strategist should have the maturity to understand that. An organization may have a lot of documented policies nicely filed and kept on shelves. But it takes the combined effort of all the personnel in the organization to ensure that the policies will be implemented.

The challenges

A Security Strategist's job does not come without challenges. The biggest of them all is to is to get approval from the higher management. And these approvals are mostly related to the budget.

Another challenge is to convince people and drive home the importance of security in the organization. A business person will always insist on revenue returns for the expenditure, so it's always difficult to convince.

Signs of success

A successful Security Strategist will have changed the mindset of the personnel to an extent that security will be a part of their life. Security will no more be an optional thing. The Strategist will have changed the culture in such a way that everybody respects the security framework and infrastructure. And this I believe is the hallmark of a successful Security Strategist.

 
     
- <Back to Top>-  

Copyright 2001: Indian Express Newspapers (Bombay) Limited (Mumbai, India). All rights reserved throughout the world.
This entire site is compiled in Mumbai by the Business Publications Division (BPD) of the Indian Express Newspapers (Bombay) Limited. Site managed by BPD.