The Evolving Role of Security Structures
GIAC (GSLC) Gold Certification
Author: Dale Emel, dale.emel@gmail.com
Advisor: Dr. Kees Leune
Introduction
With falling budgets and escalating threats, firms and corporations are examining new methods and approaches to gaining strategic and competitive advantages through viral growth and lower operating costs. As CEO’s and Boards of Directors look to enhance their businesses, increased threats and restrictions have drawn their attention to improving their positions in corporate risk management and regulatory compliance. This thinking presents new, strategic investment opportunities and challenges for security professionals and leaders.
This paper examines some of the most popular strategies businesses are using in 2010 and suggests extensions and additions to the security management structures covered in the SANS Management 512 course, Security Leadership Essentials for Managers (The SANS Institute, 2009). My research began by examining the competitive business market trends in 2009 and those planned for 2010. Results demonstrate that the business trends for 2009 will continue into 2010 with a strong focus on Social networking, Cloud Computing, and the Consolidation of resources and systems to reduce costs.
Combined data from Baseline (Greengard, 2009) and PriceWaterHouseCoopers (PriceWaterHouseCoopers, 2009) illustrates the areas of strategic investment that businesses are planning to focus on in 2010 (Figure 1 - Planned areas of Investment for 2010). Survey respondents revealed that Green Initiatives (92% of the respondents), Centralization (76%), Social Knowledge , Cloud Computing, and Hardware Infrastructure upgrades would dominate the investment focus (note percentages do not equal budget allocations). These strategic investment initiatives are introducing new technologies, new processes, and additional revenue streams for businesses, along with introducing new concerns, such as increased exposures to risk, regulations, and unknown threats.
