Developing a state-of-the-art security team

October 2013 News

A new research report released by RSA, the Security Division of EMC, from the Security for Business Innovation Council reveals the composition of a forward leaning security programme, starting with building a next-generation information security team to the lifecycle management of cyber risks in today’s global enterprises. The last 18 months have seen big changes in the overall requirements for success for information security teams against a backdrop of a hyper-connected business environment, evolving threat landscape, new technology adoption, and regulatory scrutiny. In response to this changing environment, essential activities and responsibilities of enterprise information security teams are very much in transition.

Stephan le Roux, district manager of RSA.
Stephan le Roux, district manager of RSA.

The latest report titled, 'Transforming information security: Designing a state-of-the art extended team', argues that information security teams must evolve to encompass skill sets not typically seen in security, such as business risk management, law, marketing, mathematics, and purchasing. The information security discipline must also embrace a joint accountability model in which responsibility for securing information assets is shared with the organisation’s line of business managers and executives who are beginning to understand that they ultimately own their own cyber risks as a part of business risk. Many of the advanced technical and business-centric skills needed for security teams to fulfil their expanded responsibilities are in short supply and will require new strategies for cultivating and educating talent, as well as leveraging the specialised expertise of outside service providers.

To help organisations build a state-of-the-art extended security team, the council drafted a set of seven recommendations, which are detailed in its new report.

1. Redefine and strengthen core competencies – Focus the core team on increasing proficiencies in four main areas: cyber risk intelligence and security data analytics; security data management; risk consultancy; and controls design and assurance.

2. Delegate routine operations – Allocate repeatable, well-established security processes to IT, business units, and/or external service providers.

3. Borrow or rent experts – For particular specialisations, augment the core team with experts from within and outside of the organisation.

4. Lead risk owners in risk management – Partner with the business in managing cyber security risks and coordinate a consistent approach. Make it easy for the business and hold them accountable.

5. Hire process optimisation specialists – Have people on the team with experience and certifications in quality, project or programme management, process optimisation, and service delivery.

6. Build key relationships – Develop trust and influence with key players such as owners of the 'crown jewels', middle management, and outsourced service providers.

7. Think out-of-the-box for future talent – Given the lack of readily available expertise, developing talent is the only true long-term solution for most organisations. Valuable backgrounds can include software development, business analysis, financial management, military intelligence, law, data privacy, data science, and complex statistical analysis.

The Security for Business Innovation Council (, or use this short link*SecurityCouncil) is a group of top security leaders from Global 1000 enterprises committed to advancing information security worldwide by sharing their diverse professional experiences and insights. The Council produces periodic reports exploring information security’s central role in enabling business innovation. Contributors to this report include 18 security leaders from some of the largest global enterprises.

Download the Security for Business Innovation Council Report at, or use this short link*SecurityTeam.

For more information contact EMC South Africa, +27 (0)11 581 0033,,

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Plan your media strategy with Technews Publishing
October 2019 , News
Dear Marketer, Have you ever looked back on a year and wondered how you survived it? For the majority of South Africans, 2019 started benignly enough, cosily wrapped in the blanket of Ramaphoria that ...

The Open Security & Safety Alliance celebrates first anniversary
October 2019 , News
Membership triples within first 12 months; ongoing industry work reduces market fragmentation and friction across security and safety landscapes.

AWS launches Equity Equivalent Investment Programme
October 2019 , News
Amazon Web Services launches Equity Equivalent Investment Programme with the department of trade and industry to help more South African businesses to innovate.

2020 Residential Estate Security Conference in KZN
October 2019, Technews Publishing , News, Residential Estate (Industry)
Meeting the residential security challenges in 2020 and beyond: Hi-Tech Security Solutions will host the Residential Estate Security Conference 2020 in Durban on 12 March 2020.

Kaspersky uncovers zero-day in Chrome
October 2019, Kaspersky Lab , News, Cyber Security
Kaspersky’s automated technologies have detected a new exploited vulnerability in the Google Chrome web browser.

Drones and Digital Aviation Conference
October 2019 , News, Conferences & Events
Drones have opened airspaces for everyone in ways that humans had not imagined; to the extent that there is a drone to almost every kind of problem on earth. Drones already have the ability to increase ...

From the editor's desk: More things change
CCTV Handbook 2019, Technews Publishing , News
Welcome to the CCTV Handbook 2019. This year’s handbook breaks a long tradition of publishing the handbook in the first half of the year by releasing it along with the October issue of Hi-Tech Security ...

From the editor's desk: Six-and-a-half impossible things
October 2019 , News
When it comes to people named Alice, there are two that are noteworthy in the greater scheme of things and specifically when it comes to security in South Africa. Interestingly enough, they both faced ...

Invixium and Pyro-Tech partner in South Africa
October 2019 , News, Access Control & Identity Management
Invixium, a manufacturer of IP-based biometric solutions and Pyro-Tech Security Suppliers have announced a new distribution partnership.

Hikvision achieves ISO 28000:2007 certification
October 2019, Hikvision South Africa , News
Hikvision has announced its ISO 28000:2007 certification, marking a further strengthening of the company's supply chain security assurance.