A journey to make
Information security is a journey that cant be completed
in a day. The security strategist must travel this path with care, says Prasad
Natu, GM, Shared Services, ITC.
Information security is a journey that every security strategist
has to make. What differentiates a good security strategist from another is
the extent of initiatives that the person takes to make an organisation more
secure and the business more aware of security.
The strategist must ensure that information security in an
organisation is maintained in a structured manner without any negative impact
on the business. This is a delicate process, and needs a person who knows how
to balance business and processes in his organisation.
After going through all the presentations made by the nominees,
I feel that all of them have taken security as a serious business initiative.
All the strategists have been successful in changing the way that their companies
These strategists have focussed on creating awareness about
security at the highest levels in their companies. They have successfully gathered
support from the board, and even from their chairmen, head councils or committees.
These are persons who act as the highest authority for enterprise information
An interesting pattern is that most nominees who had taken
up information security-focussed initiatives in their organisations about two
years ago have seen their efforts bear fruit and their companies progress in
Awards such as the Security Strategist add a lot of value
to the industry. The entire process is not only about giving an award to what
a person has done, but its also about creating awareness across the industry
about the role and importance of information security.
The selection process for shortlisting the nominees was objective
and the co-ordination for the jury meet was done well. The changes made in the
selection and shortlisting criteria created a broader base of companies that
My organisation had participated in the Security Strategist
Awards last year. I was here to make a presentation on behalf of my company,
which won me an award. This year, on receiving the invitation to be a member
of the jury, I was very enthusiastic to take up the responsibility. It feels
wonderful to be at the helm of such a prestigious affair.
An aspiring security strategist must create a roadmap of
information security for the company, and even take a cue from experienced security
strategists and winners of awards such as these.
It isnt necessary to spend a lot of money to deploy
information security. All the nominees who were shortlisted had separate budgets
for IT out of which a certain amount was allocated to information security.
Just because an organisation allocated a lesser amount of
money or a smaller percentage of its annual turnover for IT and information
security does not mean that the company is less secure than any other organisation.
The security strategist must have the right approach, method and will to achieve
the defined goals.