Use a threat-focused approach to security collaboration

How can development, operations and security teams collaborate around change to ensure security is maintained and even improved?

Collaboration across departments is often a challenge. This holds true for technology development, operations and security teams, which often have conflicting timescales, agendas and motivations. What common denominator can help to unify these departments to ensure cyber security is maintained and improved?

Collaboration based on a shared budget or project – such as a technology transformation programme – is likely to be temporary. Once a project ends, so too will the motivation and shared incentives to improve security across the organisation. So what can be done to encourage collaboration? One way forward is to adopt a threat-focused perspective, which can have several benefits.

– Cyber security threats impact all three teams – development, operations and security – and mitigating threats is something they can all agree on as a priority (albeit to a lesser or greater degree). The process of building agreement will have to be started by the security team but, once achieved, it can be used to create a shared understanding of cyber security across the wider organisation.

– The majority of cyber security threats – except for insiders – are external to the organisation. Using external threats as a common denominator can serve as an effective unifying factor, help to foster a sense of shared purpose and reduce internal competition over resources.

– The threat-focused perspective has the benefit of being topical. Cyber security incidents are in the news on a weekly basis and security teams should take advantage of this publicity in measured way, portraying cyber insecurity as one business risk among many. The ultimate goal is to enable an organisation to achieve its goals, and a threat-focused perspective will help to do this.

Source: Computer Weekly