Last year, I had the interesting and exciting experience of visiting Silverstone circuit and watching a car race. What excitement!
I managed to get up close and personal with the circuit, pits, cars and drivers. It was an amazing experience personally, but I was also able to relate a lot of what was happening there to our field, security.
If you ask someone, “Why do cars have brakes?”, the typical answer you are going to get is ‘to slow down or stop the vehicle’. If you ask a race driver the same question, slowing down or stopping the car is the last thing on his mind. He has only one objective: ‘go faster and get to the chequered flag first’.
In reality, good brakes give him the confidence to go faster. He knows that whenever he needs to slow down, because of an incident or an approaching sharp bend or corner, good brakes will slow him down within the desired distance so that he can get back to his business quickly, that is, accelerate and get ahead in the race.
In my view, the same analogy applies to the relationship between security and business. The purpose of Information Security’s existence is to ensure the business can go fast, that is, innovate. The security function provides the confidence that the business can fulfil its obligations towards shareholders without worrying about sharp turns and bends, because good security controls will ensure that the business is able to manage its risks within its risk appetite.