Why InfoSec Should Be Separated From IT

The case for taking the information security function out from underneath the IT umbrella.

Deena Coffman, CEO, IDT911 Consulting

December 30, 2014


Many organizations have historically lumped together the information security (InfoSec) and information technology (IT) functions. Because antivirus software, firewalls, and proxies were primary tools used in securing the network -- and IT was responsible for adopting and implementing those measures -- InfoSec appeared to be subsumed under the broader IT umbrella. But their roles are different and distinct.

Think of IT as the architect of the house and security as the fire code. To be sure, IT fulfills an important role in securing digital information, but so do other departments, executives, and all employees and other network users. Because threats converge on IT systems, the InfoSec partnership with IT must be strong, but it is paramount that InfoSec contribute its unique blend of threat awareness, analytics, risk management, and privacy protection separately from IT if the goals of sufficiency, adequacy, and objectivity in securing the organization's information assets are to be balanced against its cross-functional risk profile.

New defenses for new threats
The risks financial institutions (FIs) face have multiplied in recent years. Cyber criminals have made rapid advances in establishing efficient marketplaces where data-stealing exploit kits can be bought and stolen data sold. Attackers have also refined their approach to social engineering with very authentic-looking phishing emails and corrupt but believable web links. Add in the increased adoption of online banking, social media sites that facilitate sharing personal information, companies that gather wide swaths of sensitive data for marketing purposes (but then leave it unprotected), and mobile applications that support a large percentage of our communications and transactions, and you have a perfect storm of digital security risk.

Read the rest of this story on Bank Systems & Technology.

About the Author

Deena Coffman

CEO, IDT911 Consulting

Deena Coffman is chief executive officer of IDT911 Consulting and has broad experience providing guidance to clients adopting technology or building programs relating to data privacy, data security, and electronic discovery. Prior to joining IDT, she was the chief operating officer for the cybersecurity and information assurance practice at Johnson & Johnson. She also held the position of discovery director, responsible for the secure management of evidence and compliance with global data privacy directives. She earned an MBA from Cornell University's S.C. Johnson Graduate School of Management, an MBA from Queen's University in Kingston, Ontario, and a BA in management from the University of Illinois.
