Improving Enterprise Security: From Parts, the Whole

Strive for due care, due diligence and commercially reasonable security when implementing enterprise security initiatives.

Security is now front and center because of world events and also because of continual waves of new technologies and vulnerabilities. This turmoil means that security initiatives must be ongoing and never finished. Enterprises should strive for "due care," "due diligence" and "commercially reasonable security." However, there are no specific definitions for these terms. Also, in some cases, "good enough" is not good enough; in others, it's perfectly fine.

This issue of the Security and Privacy Spotlight shows how enterprises can improve their security, regardless of the status of their security programs (see "Improving Enterprise Security," AV-15-1568). Enterprises must also do what is appropriate, which seems a little vague, especially because most enterprises want specifics. Generality is necessary, however, in the case of security, because boundaries are unclear, and risk profiles, threats, vulnerabilities and cultures are different for each industry, enterprise and geography.

Although a holistic view is necessary, it's also important to focus on the parts of the whole; the end result will be an improved security program overall. Therefore, we offer specific advice on elements that can be made stronger in the security triad of people, process and technology.

Your inquiries and comments are welcome.

Victor S. Wheatman
Editor in Chief
Security and Privacy
spotlight.feedback@gartner.com

Resource Id: 352380