Security experts offer downturn survival tips

Security chiefs need to pick the right team to weather the economic storm

Ten of the world's top global IT security chiefs have outlined how security leaders can cope with the increasing pressure of the current economic downturn, and build and manage efficient security programmes.

Driving Fast and Forward (PDF) is the third report from the Security for Business Innovation Council, an advisory body sponsored by information security firm RSA Security.

Best practice advice given by the council includes having a security team that can interact easily with business owners, understand business processes and make risk assessments.

The report also recommends that security teams could be extended by using others in the organisation who have an aptitude or interest in security to help with initiatives.

"A key job of a chief information security officer [CISO] is security capability management, i.e. getting the right person in the right job," wrote BP CISO Paul Dorey in the report.

"So a mature programme balances self-assessment and self-help, support from full-time security specialists and contractors, and also uses third-party consultants."

The report said that creating standardised ways of doing things across the organisation, and embedding security in business processes, could cut overheads and raise the profile of security.

Automation of manual processes, outsourcing and consolidating security tools can also help teams cut costs and create efficiencies, but such strategies need careful managing, the report warned.

Andrew Moloney, RSA's European marketing director, argued that much of the advice in the report is 'good housekeeping' but has even greater focus now the global economy is in decline.

"We've heard a lot of theories but not many people are putting out this kind of practical advice," he added.

"We've been talking for the past two years about migrating from security being a tax on business to it being fully integrated into the business strategy; using a security framework to eliminate redundancies in processes and technologies, and automating what you can to achieve efficiency gains."