Jury View

A journey to make

Information security is a journey that can’t be completed in a day. The security strategist must travel this path with care, says Prasad Natu, GM, Shared Services, ITC.

Information security is a journey that every security strategist has to make. What differentiates a good security strategist from another is the extent of initiatives that the person takes to make an organisation more secure and the business more aware of security.

The strategist must ensure that information security in an organisation is maintained in a structured manner without any negative impact on the business. This is a delicate process, and needs a person who knows how to balance business and processes in his organisation.

After going through all the presentations made by the nominees, I feel that all of them have taken security as a serious business initiative. All the strategists have been successful in changing the way that their companies work.

These strategists have focussed on creating awareness about security at the highest levels in their companies. They have successfully gathered support from the board, and even from their chairmen, head councils or committees. These are persons who act as the highest authority for enterprise information security.

An interesting pattern is that most nominees who had taken up information security-focussed initiatives in their organisations about two years ago have seen their efforts bear fruit and their companies progress in business.

Awards such as the Security Strategist add a lot of value to the industry. The entire process is not only about giving an award to what a person has done, but it’s also about creating awareness across the industry about the role and importance of information security.

The selection process for shortlisting the nominees was objective and the co-ordination for the jury meet was done well. The changes made in the selection and shortlisting criteria created a broader base of companies that could participate.

My organisation had participated in the Security Strategist Awards last year. I was here to make a presentation on behalf of my company, which won me an award. This year, on receiving the invitation to be a member of the jury, I was very enthusiastic to take up the responsibility. It feels wonderful to be at the helm of such a prestigious affair.

An aspiring security strategist must create a roadmap of information security for the company, and even take a cue from experienced security strategists and winners of awards such as these.

It isn’t necessary to spend a lot of money to deploy information security. All the nominees who were shortlisted had separate budgets for IT out of which a certain amount was allocated to information security.

Just because an organisation allocated a lesser amount of money or a smaller percentage of its annual turnover for IT and information security does not mean that the company is less secure than any other organisation. The security strategist must have the right approach, method and will to achieve the defined goals.