30 May 2006

Reinventing Corporate Security for Business Survival...

The reinvention of the T-Mobile security assurance functions is another example of the continuing convergence strategy at global organizations.

Now, in one room sit three of the top security executives recruited to effect change at T-Mobile by creating a new asset protection division. They are: Frank Porcaro, vice president and director of the new asset protection division; Ed Telders, director of information security, policy and compliance; and Rick Roberts, senior manager of security services. With them in the room, of course, is the pink elephant.

The asset protection group—Porcaro's group—is the heart of the makeover. Asset protection will converge physical and information security and, at the same time, create two new groups, including an information security group and a full business continuity/disaster recovery group. In the past year alone, asset protection has grown from four employees to 18, with several of those new hires having CSO-level experience.

Meanwhile, as it's under construction, asset protection is also being moved to another division, risk management and assurance, to be closer to related functions like audit and investigations. In the end, T-Mobile hopes to have one department—risk management and assurance (RM&A)—through which all security functions flow.

The strategy for business survival begins with an understanding of how your corporate assets, both physical and digital, are being attacked, both online and offline.

Our corporate assets are under attack by a continuous barrage of new laws, new employees, new competitors and new exploits. Business survival in the next decade will require a more effective and robust risk strategy to deter, detect and defend against a myriad of new threats to the organization.

Modern-day attackers include hackers, spies, terrorists, corporate raiders, professional criminals, vandals and voyeurs. Simply said, these attackers use tools to exploit vulnerabilities. They create an action on a target that produces an unauthorized result. They do this to obtain their objective.

The Mission
Deter the attacker from launching a salvo of new threats to compromise your organization's assets. You first have to understand the value of your corporate assets to determine which are the most valuable in the eyes of your adversary. You must make it increasingly difficult for these valuable assets to be attacked or you will find yourself under the constant eye of those who wish to create a significant business disruption.

These attackers are individuals who take on these quests or objectives for several key reasons. They include financial gain, political gain, damage, or the simple challenge, status or thrill. It’s your job to create deterrence for each one of these objectives.

The Take Away

In order to effectively deter potential risks to your corporate assets, first you have to understand what they are and how valuable they are in the eyes of each kind of attacker. The more valuable the target, the more deterrence it requires.
