Forrester Research Says Aligning Business Objectives with IT Risks by 2011 Can Fend Off Security Threats

Bob Styran, IT audit expert
December 08, 2010

With the advent of 2011, security threats will become more specific yet harder to detect, according to a report from Forrester, a research company that counsels technology and business leaders worldwide.

The report recommended aligning business objectives with organizational efforts to ward off security threats, noting that most IT security professionals focus only on technologies used to detect security threats instead of the ones that prevent them from taking place.

Forrester’s recommendations include restructuring corporate governance, making security processes more responsive to threats, and improving analytics.

Forrester’s report, ‘Twelve Recommendations For Your 2011 Security Strategy,’ noted that improving analytics would require the use of technologies that enable preventive rather than detective strategies, such as cloud computing and mobile, positioning the organization to view the IT environment from a wider perspective so that it can analyze and ward off security threats.

Khalid Kark, author of the report, cited Forrester’s recent survey, which found that 27 percent of European companies and 37 percent of North American companies gave little significance to security measures. He said the problem lies largely in the budget constraints faced by IT security professionals and in staffing within the organization, though he said this area receives an average of 10 percent of an organization’s budget.

Kark emphasized the importance of preventive technologies in addressing security threats, saying they are more helpful in building security programs in the organization. He said most security breaches went undetected because hackers had taken precautions against detection, which is the downside of detective technology.

Forrester’s report said the absence of a link between security and business objectives within organizations accounted for most problems in IT security. Responding to security threats with operational measures, without business and financial metrics, is futile, the report added.

 
