Information Security Architect | Top 3 Tips for Success with Your Information Security Architect
Articles March 3, 2017 Comments Off on Information Security Architect | Top 3 Tips for Success with Your Information Security Architect 79The Information Security Architect: 3 Tips for Success
The role of the information security architect is to act as a conduit between related, yet different disciplines while maintaining a focus on security. Since security touches everything in an organization, this is a great deal of often complex moving parts that need to be coordinated, adjusted, and managed.
A simpler analogy of an information security architect is if all the security technologies in your organization are players in a game of basketball, the information security architect would be the coach. Just as even the best teams are often not successful without a coach, the same goes for an effective security program without a security architect function.
Here are 3 tips associated with the Information Security Architect role:
Tip 1: Get One- Every organization should have an information security architect function. The key word being ‘function’ in the previous sentence. You do not necessarily need a dedicated person, but you do need a capability that can play an active role in managing how well your security technologies work together to reach overall goals.
If you are a mom and pop company, that is probably the owner of the company making sure that the antivirus on the one workstation is in alignment with the firewall installed on the wall. If you are a multi-billion dollar organization this may be a dedicated group that is focused on how all of the preventive and detective safeguards work together. In either case, the focus is on the forest, not a particular tree within it.
If you are a mom and pop company, that is probably the owner of the company making sure that the antivirus on the one workstation is in alignment with the firewall installed on the wall. If you are a multi-billion dollar organization this may be a dedicated group that is focused on how all of the preventive and detective safeguards work together. In either case, the focus is on the forest, not a particular tree within it.
Tip 2: Don’t Use a Specialist for an Architecture Position- Just as a player on the field will not operate well as a coach, the same is true for the Information Security Architect role. Make sure that whoever is focusing on security architecture has a viewpoint that is global and can communicate across technologies and disciplines with specialists in those areas.
Tip 3: Define the Security Architecture Program- Every organization should have a suite of processes for managing a security architecture. These processes should be defined and managed by the security architect. If you don’t have the security architecture processes defined as an organized program, the security architecture capability will for sure struggle. If you do not have skill-set to build this program internally, you need to go externally to get it.
If you have any questions, please contact us know how we can help you.