In most organizations today, there is a disconnect between security and fraud teams and their business counterparts. This results in a lack of understanding and coordination causing all parties real anxiety and discomfort. RSA has dubbed this disconnect “the Gap of Grief.” The familiar problem of siloed security and business functions, resulting in poor visibility and communication is all too common in today’s tech-fueled, highly competitive business environment.
This gap isn’t new, but it is without a doubt growing more treacherous for organizations every day. The demands of interoperability and availability, along with consumers’ and organizations’ appetites for modernization and innovation present constant challenges. The stealth, persistence, and resourcefulness of malicious actors only seem to be increasing. On top of that, new and more stringent mandates continue to raise the bar for compliance and risk strategies. Businesses need to simultaneously quicken the pace of digital transformation, anticipate the growing resourcefulness of malicious actors, and respond to unprecedented regulatory expansion.
The pressure is so great from these forces—modernization, malice, and mandates—that it is spurring a convergence of security and business risk, with the aim of developing and implementing a more coordinated approach to security strategy. Some organizations are starting to develop security strategies in collaboration with the broader IT, fraud, risk and business functions, seeking to inform security with relevant, contextual and specific information about what the business values most.
These organizations start with a fundamental understanding of risk and underpinning security and business efforts with a thoughtfully designed formula of visibility, insight, response, and context—the foundation of an RSA® Business-Driven Security™ strategy. These four critical focus areas can help security teams better understand what “normal” looks like for their respective businesses, where there may be issues, and what is ultimately most important. These essential elements must all function together to support the convergence of security and business risk to bridge the Gap of Grief.
In the end, organizations who embrace a Business-Driven Security approach enable themselves to establish visibility across systems, use analytics to drive insight, orchestrate response and gain the contextual intelligence to put security details into business context. Getting it right means being able to quickly and accurately answer the most critical question in the wake of an event:
“What is the impact to the business?”
This article was originally published here.