As a security and risk professional, I am often asked ‘how much security is enough?’ Seems a simple enough question, but it manages to trip so many people up in terms of an answer. So what is the right answer? Is there a nice sound bite that one can give? Well, not really.
In a dynamic environment such as ours of increasing security threats, firms have a big challenge on their hands to ensure they continue to:
A day rarely passes without a press report relating to a security issue. All financial services organisations now face greater security threats to their people, assets and operations from such diverse sources including:
The level of complexity involved in managing such a diversity of threats means that cyber security has become a significant and increasing cost of doing business. The challenge is to develop a holistic approach to security management which responds to each of these demands in a coordinated, cost effective, and efficient way.
Where are firms focusing their infosec investment?
Our larger clients are spending millions in transforming their security functions and improving their security management practices across a range of areas, including:
For many of our clients, this investment represents a significant shift away from the manner in which they have traditionally managed security. It is also placing huge demands on their security teams to develop new management skills, and it also places demand on their partners and service providers, including us.
The best fit model
We’re seeing it becoming more common for organisations to strive for a “best fit” solution as opposed to obtaining “best practice” in every security matter. It’s about being commercial and pragmatic in the way security is managed. Conforming to best practice is an extremely expensive exercise that does not necessarily deliver business benefits equal or greater to the expenditure required to get there.
A best fit model is about understanding what the risks are, and applying the most appropriate risk mitigation strategy to reduce them, as opposed to applying the best practice processes regardless of the associated risk.
So how much security is enough? A good place to start is to identify the top risks your business is likely to face and find commercially pragmatic solutions that remediate those risks. And that’s exactly what firms must be focused on doing right now.
You don't have to be a fintech to run a hackathon but you do need to get it right.
Supporting both Seeds of Africa and Sponsor a Child initiative through Pebbles Project.
Business Development Manager, Andrew Schmidt, talks about XTOOLS' joint planning tools in XPLAN.
It's a simple enough question, right? Er, not quite says our CISO Mark Vos.
Barbara Arnold discusses details of the IRESS | INET BFA Integration.
IRESS Account Executive, Lee Ann Sheath, talks about how XPLAN's tools help you to track business opportunities
IRESS Account Executive, Morgan Raad, talks about best practices in Financial Planning and how XPLAN can support you in implementing these practices.
We're gearing up for the third annual Global Hackathon – a high energy, fast paced, pizza-fuelled event spanning five continents and multiple time-zones.
How we're changing lives in South Africa at the Healing Word Creche.
Healing word creche christmas party.
Barbara Arnold gives insight into market data.
Eugene van Rensburg gives insight into integrated wealth management.