IT security is never a once and done with deal. Constant updates are completely necessary if a company hopes to maintain a competitive edge. Heidi Shey suggests that you need to examine all components of IT security in her article. It seems that looking to the future, as Shey suggests, is the best course of action:
Keeping up with the threat and IT landscape, looking ahead to future technology and disruptive technologies, and keeping up with the regulatory landscape to identify what it means to your organization is no small task. It’s also not a technology issue, but one that involves your most valuable asset: people. S&R pros, call it maintaining your security edge: keeping skills fresh, encouraging new ideas to flow, and preventing the security group from getting stale and set in their ways and habits. Fail to invest in your people, and an exodus of talent will [be]the least of your concerns as a new type of internal threat is born.
Shey approaches the topic of maintaining your security edge from three angles which include individual security contributors, the security group as a whole, and the company as a whole. According to Shey, individual security contributors are the people that need fresh skills and the ability to network with their peers. Organizations should make certain that these people are awarded opportunities to take classes and attend conferences so that they may hone their skills. Their increased skill set will mirror your increased security.
Shey also suggests looking at the security group as a whole and viewing the company as a whole. In some cases, if security groups are left to their own devices, the outcome could be less than optimal. If you were to bring in new faces with new ideas, as Shey suggests, the likelihood of the security group forming their own impenetrable group would decrease. If you look at the company in the same manor, you will see that the employees are the first line of defense. If you assess the tools an employee has to deal with security management before you gauge their personal skill level for the task at hand, you will most likely save some money. There are many ways to maintain your security edge, and perhaps the first and most simple way to do this is to look at your issues from new angles.