Monday, 16 January 2017

Gartner’s Six Principles of Resilience for Digital Business Risk and Security


There are 6 main principles to keep in mind when talking about information security. These principles were first introduced in 2016 by Gartner's risk and security division.


The principles are:

  • Principle No. 1: Stop Focusing on Check Box Compliance, and Shift to Risk-Based Decision Making
    • Security is not the same old beast. Information security must be a top-down approach, driven by identified business risk. Risk management and risk analysis are the first big step of any information security work.
  • Principle No. 2: Stop Solely Protecting Infrastructure, and Begin Supporting Business Outcomes
    • Information security is a business enabler. Security is there to help the business achieve its goals and targets. The only way to have a successful information security architecture is to make sure it is aligned with the business strategy.
  • Principle No. 3: Stop Being a Defender, and Become a Facilitator
    • Again, the aim of information security is to help the business hit its targets. Of course security is important, but if we are blocking business processes, it is useless.
  • Principle No. 4: Stop Trying to Control Information; Instead, Determine How It Flows
    • The big shift in the security mindset is moving away from local and limited controls towards a holistic approach that looks at flows and processes.
  • Principle No. 5: Accept the Limits of Technology and Become People-Centric
    • These days more and more attacks are the result of a lack of user awareness. Training people and using resources is as important as having technical controls.
  • Principle No. 6: Stop Trying to Perfectly Protect Your Organization, and Invest in Detection and Response
    • We all know it is impossible to have a completely safe environment. Threats and vulnerabilities are always there. A proper incident response plan and operation is crucial for any business.
