Business acumen, not technical skills, is what organisations should consider when hiring IT security managers, according to analyst firm, Gartner.
At the Gartner Symposium in Sydney, Gartner security analyst, Andrew Walls, spoke about how cloud computing has changed the way businesses should approach IT security.
The ubiquity of cloud computing means information can be assessed via many access points by an organisation's staff.
“People can now use smartphones and iPads to interact with the same services from a corporate infrastructure,” Walls said. “All of a sudden all the security controls have disappeared and that puts a renewed emphasis on how we actually motivate appropriate behaviour on the part of our staff.
“It also means we have to look at how security can lift its game from infrastructure to actual information control involving humans.”
How organisations respond and recover from security failures as well as hiring the right people all play a part in a well-rounded IT security policy.
If an organisation hires great security people but if they don’t train them in what the business actually does and how it makes money then they won’t understand how threats will have an impact on the business, according to Walls.
“So there is a staff development issue here but also, if you are hiring a security manager to run your department, why are you hiring a technical person?” he said.
There is an influx of security managers that do not have a technical background. Some may even have an auditing background but bring business and communications skills to the table, Walls said.
“”They may be managing a team with deep technical capabilities and knowledge but the role of a security manager is to focus on clients and to understand the business,” he said. “… Security managers have to start thinking like business people and build trusted relationship with their business clients internally.”
According to Walls, Australia fairs better than many countries in terms of IT security managers understanding the businesses they are protecting. Some industries such as the financial sector do this quite well while others like the manufacturing industry lag behind.