Gartner: Technical skills not essential for security managers
- 17 November, 2010 14:16
Business acumen, not technical skills, is what organisations should consider when hiring IT security managers, according to analyst firm, Gartner.
At the Gartner Symposium in Sydney, Gartner security analyst, Andrew Walls, spoke about how cloud computing has changed the way businesses should approach IT security.
The ubiquity of cloud computing means information can be assessed via many access points by an organisation's staff.
“People can now use smartphones and iPads to interact with the same services from a corporate infrastructure,” Walls said. “All of a sudden all the security controls have disappeared and that puts a renewed emphasis on how we actually motivate appropriate behaviour on the part of our staff.
“It also means we have to look at how security can lift its game from infrastructure to actual information control involving humans.”
How organisations respond and recover from security failures as well as hiring the right people all play a part in a well-rounded IT security policy.
If an organisation hires great security people but if they don’t train them in what the business actually does and how it makes money then they won’t understand how threats will have an impact on the business, according to Walls.
“So there is a staff development issue here but also, if you are hiring a security manager to run your department, why are you hiring a technical person?” he said.
There is an influx of security managers that do not have a technical background. Some may even have an auditing background but bring business and communications skills to the table, Walls said.
“”They may be managing a team with deep technical capabilities and knowledge but the role of a security manager is to focus on clients and to understand the business,” he said. “… Security managers have to start thinking like business people and build trusted relationship with their business clients internally.”
According to Walls, Australia fairs better than many countries in terms of IT security managers understanding the businesses they are protecting. Some industries such as the financial sector do this quite well while others like the manufacturing industry lag behind.
- MSP Guides for effective Endpoint Management Solutions
- Smart Cloud: Move Beyond monitoring to Holistic Management of Application Performance
- McAfee Whitepaper: Building the Business Case for Privacy
- Cloud and Co-Location Solutions
- Modernizing Security for the Small and Mid-Sized Business – Recommendations for 2013 (Sponsored by McAfee)
- CITRIX SYNERGY ’13: Look beyond Cloud infrastructure, says Liang
- CITRIX SYNERGY ’13: Christiancen highlights the need for collaboration
- CITRIX SYNERGY ’13: Devices will change how people work, says Duursma
- Are we ready for a mobile-first world?
- Smartphone chips could replace server processors in HPC, researchers say
Attack on Telenor was part of large cyberespionage operation with Indian origins: report
Box buys iOS app to improve its own
Growing mobile malware threat swirls (mostly) around Android
Barracuda Networks raises free capacity of Copy.com to 15GB
Coke gives peace a chance ( +16 photos)