• Press Release

    September 16, 2013

    Global Security Chiefs Deliver Playbook for Developing a State of the Art Security Team

    RSA Releases New Research from the Security for Business Innovation Council

    Story Highlights

    • The Security for Business Innovation Council (SBIC) argue in new report that information security needs to become a cross-organizational function, with security functions embedded into business processes, and security teams working closely with business units on information risk management and cyber threat mitigation.
    • Council members offer seven recommendations to help organizations build state-of-the-art security teams with the diverse skills needed to take on expanded responsibilities in managing risks to information resources throughout the enterprise.
    • The Council’s recommendations are presented in a new report, available today from RSA.

    BEDFORD, MA - September 16, 2013 -

    A new research report released today by RSA, The Security Division of EMC (NYSE:EMC), from the Security for Business Innovation Council reveals the composition of a forward leaning security program – starting with building a next-generation information security team to the lifecycle management of cyber risks in today’s global enterprises.  The last 18 months have seen big changes in the overall requirements for success for information security teams against a backdrop of a hyper-connected business environment, evolving threat landscape, new technology adoption, and regulatory scrutiny.  In response to this changing environment, essential activities and responsibilities of enterprise information security teams are very much in transition.

    The latest report titled, “Transforming Information Security: Designing a State-of-the Art Extended Team,” argues that information security teams must evolve to encompass skill sets not typically seen in security, such as business risk management, law, marketing, mathematics, and purchasing. The information security discipline must also embrace a joint accountability model in which responsibility for securing information assets is shared with the organization’s line of business managers and executives who are beginning to understand that they ultimately own their own cyber risks as a part of business risk. Many of the advanced technical and business-centric skills needed for security teams to fulfill their expanded responsibilities are in short supply and will require new strategies for cultivating and educating talent, as well as leveraging the specialized expertise of outside service providers.

    To help organizations build a state-of-the-art extended security team, the Council drafted a set of seven recommendations, which are detailed in its new report.

    • Redefine and Strengthen Core Competencies – Focus the core team on increasing proficiencies in four main areas: cyber risk intelligence and security data analytics; security data management; risk consultancy; and controls design and assurance.
    • Delegate Routine Operations – Allocate repeatable, well-established security processes to IT, business units, and/or external service providers.
    • Borrow or Rent Experts – For particular specializations, augment the core team with experts from within and outside of the organization.
    • Lead Risk Owners in Risk Management – Partner with the business in managing cybersecurity risks and coordinate a consistent approach. Make it easy for the business and hold them accountable.
    • Hire Process Optimization Specialists – Have people on the team with experience and certifications in quality, project or program management, process optimization, and service delivery.  
    • Build Key Relationships – Develop trust and influence with key players such as owners of the “crown jewels,” middle management, and outsourced service providers.
    • Think Out-of-the-Box for Future Talent – Given the lack of readily available expertise, developing talent is the only true long-term solution for most organizations. Valuable backgrounds can include software development, business analysis, financial management, military intelligence, law, data privacy, data science, and complex statistical analysis.

    Executive Quotes:

    Art Coviello, Executive Vice President, EMC, Executive Chairman, RSA, The Security Division of EMC
    “For this transformation to be successful security must be seen as a shared responsibility that requires active partnerships to manage the inherent risks to the business in the ever-evolving threat landscape.  It is imperative that organizations can develop a security team with the right expertise needed to get the job done.”
    Bob Rodger, Group Head of Infrastructure Security, HSBC Holdings plc.
    “The core security team’s expertise should be primarily focused on delivering consulting, providing direction, driving strategy, identifying and explaining risks to the business, understanding threats, and moving the organization forward – not be encumbered by the day-to-day routine operational activities.”

    About the Security for Business Innovation Council

    The Security for Business Innovation Council is a group of top security leaders from Global 1000 enterprises committed to advancing information security worldwide by sharing their diverse professional experiences and insights. The Council produces periodic reports exploring information security’s central role in enabling business innovation.

    Contributors to this report include 18 security leaders from some of the largest global enterprises:

    ABN Amro FedEx Corp. JPMorgan Chase
    ADP, Inc. Fidelity Investments Nokia
    Airtel HDFC Bank Ltd. SAP AG
    AstraZeneca HSBC Holdings plc. TELUS
    Coca-Cola Intel T-Mobile USA
    EMC Corp. Johnson & Johnson Walmart

    Additional Resources

    About Dell

    Dell EMC, a part of Dell Technologies, enables organizations to modernize, automate and transform their data center using industry-leading converged infrastructure, servers, storage and data protection technologies. This provides a trusted foundation for businesses to transform IT, through the creation of a hybrid cloud, and transform their business through the creation of cloud-native applications and big data solutions. Dell EMC services customers across 180 countries – including 98 percent of the Fortune 500 – with the industry’s most comprehensive and innovative portfolio from edge to core to cloud.

    Copyright © 2017 Dell Inc. or its subsidiaries. All Rights Reserved. Dell, EMC and other trademarks are trademarks of Dell Inc. or its subsidiaries. Other trademarks may be trademarks of their respective owners.

  • Press Release

    September 16, 2013

    Global Security Chiefs Deliver Playbook for Developing a State of the Art Security Team

    RSA Releases New Research from the Security for Business Innovation Council

    Story Highlights

    • The Security for Business Innovation Council (SBIC) argue in new report that information security needs to become a cross-organizational function, with security functions embedded into business processes, and security teams working closely with business units on information risk management and cyber threat mitigation.
    • Council members offer seven recommendations to help organizations build state-of-the-art security teams with the diverse skills needed to take on expanded responsibilities in managing risks to information resources throughout the enterprise.
    • The Council’s recommendations are presented in a new report, available today from RSA.

    JOHANNESBURG - September 16, 2013 -

    A new research report released today by RSA, The Security Division of EMC (NYSE:EMC), from the Security for Business Innovation Council reveals the composition of a forward leaning security program – starting with building a next-generation information security team to the lifecycle management of cyber risks in today’s global enterprises.  The last 18 months have seen big changes in the overall requirements for success for information security teams against a backdrop of a hyper-connected business environment, evolving threat landscape, new technology adoption, and regulatory scrutiny.  In response to this changing environment, essential activities and responsibilities of enterprise information security teams are very much in transition.

    The latest report titled, “Transforming Information Security: Designing a State-of-the Art Extended Team,” argues that information security teams must evolve to encompass skill sets not typically seen in security, such as business risk management, law, marketing, mathematics, and purchasing. The information security discipline must also embrace a joint accountability model in which responsibility for securing information assets is shared with the organization’s line of business managers and executives who are beginning to understand that they ultimately own their own cyber risks as a part of business risk. Many of the advanced technical and business-centric skills needed for security teams to fulfill their expanded responsibilities are in short supply and will require new strategies for cultivating and educating talent, as well as leveraging the specialized expertise of outside service providers.

    To help organizations build a state-of-the-art extended security team, the Council drafted a set of seven recommendations, which are detailed in its new report.

    1. Redefine and Strengthen Core Competencies – Focus the core team on increasing proficiencies in four main areas: cyber risk intelligence and security data analytics; security data management; risk consultancy; and controls design and assurance.
    2. Delegate Routine Operations – Allocate repeatable, well-established security processes to IT, business units, and/or external service providers.
    3. Borrow or Rent Experts – For particular specializations, augment the core team with experts from within and outside of the organization.
    4. Lead Risk Owners in Risk Management – Partner with the business in managing cybersecurity risks and coordinate a consistent approach. Make it easy for the business and hold them accountable.
    5. Hire Process Optimization Specialists – Have people on the team with experience and certifications in quality, project or program management, process optimization, and service delivery.  
    6. Build Key Relationships – Develop trust and influence with key players such as owners of the “crown jewels,” middle management, and outsourced service providers.
    7. Think Out-of-the-Box for Future Talent – Given the lack of readily available expertise, developing talent is the only true long-term solution for most organizations. Valuable backgrounds can include software development, business analysis, financial management, military intelligence, law, data privacy, data science, and complex statistical analysis.

    Executive Quotes:

    Stephan Le Roux, District Manager, RSA Southern Africa, RSA, the Security Division of EMC
    “For this transformation to be successful security must be seen as a shared responsibility that requires active partnerships to manage the inherent risks to the business in the ever-evolving threat landscape.  It is imperative that organizations can develop a security team with the right expertise needed to get the job done.”
    Bob Rodger, Group Head of Infrastructure Security, HSBC Holdings plc.
    “The core security team’s expertise should be primarily focused on delivering consulting, providing direction, driving strategy, identifying and explaining risks to the business, understanding threats, and moving the organization forward – not be encumbered by the day-to-day routine operational activities.”

    About the Security for Business Innovation Council

    The Security for Business Innovation Council is a group of top security leaders from Global 1000 enterprises committed to advancing information security worldwide by sharing their diverse professional experiences and insights. The Council produces periodic reports exploring information security’s central role in enabling business innovation.

    Contributors to this report include 18 security leaders from some of the largest global enterprises:

    ABN Amro FedEx Corp. JPMorgan Chase
    ADP, Inc. Fidelity Investments Nokia
    Airtel HDFC Bank Ltd. SAP AG
    AstraZeneca HSBC Holdings plc. TELUS
    Coca-Cola Intel T-Mobile USA
    EMC Corp. Johnson & Johnson Walmart

    Additional Resources

    About Dell

    Dell EMC, a part of Dell Technologies, enables organizations to modernize, automate and transform their data center using industry-leading converged infrastructure, servers, storage and data protection technologies. This provides a trusted foundation for businesses to transform IT, through the creation of a hybrid cloud, and transform their business through the creation of cloud-native applications and big data solutions. Dell EMC services customers across 180 countries – including 98 percent of the Fortune 500 – with the industry’s most comprehensive and innovative portfolio from edge to core to cloud.

    Copyright © 2017 Dell Inc. or its subsidiaries. All Rights Reserved. Dell, EMC and other trademarks are trademarks of Dell Inc. or its subsidiaries. Other trademarks may be trademarks of their respective owners.

About Dell Technologies

Our Capabilities

Perspectives

Corporate

Connect With Us

Dell Technologies