Security chiefs urged to take joined-up approach

PwC sees a lack of integration between IT security and corporate security

IT security needs to be more closely aligned with other corporate security functions, with an individual role co-ordinating and monitoring converged enterprise risk, according to a new benchmarking study by PricewaterhouseCoopers (PwC).

The consultancy firm approached 10 of its FTSE 100 clients with the aim of discovering "what a 21st century security function looks like".

Steve Wright, security and business continuity management leader at PwC, claimed that the results highlight a lack of integration between IT security, and areas of corporate security tasked with fighting counterfeiting, terrorism, bribery, intellectual property infringement and other risks.

In today's climate, criminals are likely to target several vulnerabilities in different vectors to achieve their goals, necessitating "a more joined-up approach" from security and risk teams, the report said.

"There is a silo mentality, in that we commonly find [these problems] all dealt with by different heads of department," said Wright. "This is not necessarily wrong, but it could be enhanced by someone looking holistically and co-ordinating, and looking at risk over different points."

He added that the recession will force companies to look at this as an area in which they could make significant efficiency gains.

Nick Frost, senior research consultant at the Information Security Forum, argued that insider threats, mobile malware and offshoring are all areas of potential high risk.

"The threat from organised crime is well reported, and most organisations are seeing this increase dramatically with the recession," he said.

Wright added that the combined corporate and IT security function should be focused on business protection through understanding information assets, applying a thorough risk assessment methodology, preparing for business continuity and ensuring adequate resilience.