Monday, 20 June 2016

Gartner’s Six Principles of Resilience for Digital Business Risk and Security


There are six main principles to consider when talking about information security. These principles were first introduced in 2016 by Gartner's risk and security division.

The principles are:

  • Principle No. 1: Stop Focusing on Check Box Compliance, and Shift to Risk-Based Decision Making
    • Security is not the same old beast. Information security must be a top-down approach, driven by identified business risk. Risk management and risk analysis are the first big step of any information security work.
  • Principle No. 2: Stop Solely Protecting Infrastructure, and Begin Supporting Business Outcomes
    • Information security is a business enabler. Security is there to help the business achieve its goals and targets. The only way to have a successful information security architecture is to make sure it is aligned with the business strategy.
  • Principle No. 3: Stop Being a Defender, and Become a Facilitator
    • Again, the aim of information security is to help the business hit its targets. Of course security is important, but if it blocks business processes, it is useless.
  • Principle No. 4: Stop Trying to Control Information; Instead, Determine How It Flows
    • The big shift in security mindset is moving away from local, limited controls towards a holistic approach that looks at flows and processes.
  • Principle No. 5: Accept the Limits of Technology and Become People-Centric
    • These days more and more attacks are the result of a lack of user awareness. Training people and devoting resources to it is as important as having technical controls.
  • Principle No. 6: Stop Trying to Perfectly Protect Your Organization, and Invest in Detection and Response
    • We all know it is impossible to have a completely safe environment. Threats and vulnerabilities are always there. A proper incident response plan and operation are crucial for any business.
