Certain skill sets may be a commodity in the IT field these days, but EMC's Security for Business Innovation Council's latest report may have some solutions for building an effective security team.
"According to the SBIC report, information security is no longer just about implementing and operating security controls, but the mission has evolved to "include advanced technical and business-centric activities such as: business risk analysis, asset valuation, IT supply chain integrity, cyber intelligence, security data analytics, data warehousing, and process optimization.
This mission growth translates into a need for specific skill sets, but the shortage of such talent makes building an effective team a monumental task. However, with this problem comes an opportunity.
In many organizations, personnel outside of security are starting to realize that they — not security — own the risks to their information assets and they need to actively partner with security to manage those risks," the SBIC report states.
To be successful, the information security function is a cross-organizational endeavor, with security processes deeply embedded into business processes."