<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=1175921925807459&amp;ev=PageView&amp;noscript=1">
Security Risk Management

Security Needs To Open The Drapes

Stephen Boyer | November 5, 2013

We live in an era of rapidly increasing transparency. There is little doubt that access to information, which had once been inaccessible and restricted, is now a few clicks away. This transparency is in many ways a byproduct of the technological advances in digital communication and the advent of platforms that enable easy distribution and access.

To illustrate this transformation, consider the simple task of ordering a product for delivery. Not too long ago, consumers placed orders via mail or phone and then had to patiently wait for the package to arrive. No tracking numbers, no status updates, no visibility into the process. All consumers could do was wait and trust that the process was working. When delivery didn’t meet expectations, the lack of information on or transparency into the package’s whereabouts caused worry and frustration.

Today expectations have changed. From the time we place an order until the moment the package arrives at the doorstep, we have visibility into the operations of the retailer and shipping company. We see when and where the package is “scanned” and can track its journey. If there is going to be a delay, we are notified. We can change our plans and adjust our expectations. This transparency enables us to adapt to change and engenders trust.

The more we can understand how an organization's systems and processes work, the more we can trust that organization to execute and better adapt to challenges should they arise. Although we are witnessing greater levels of transparency in society, government, and business, much of IT security and risk management continues to operate with the curtain drapes firmly closed around its practices and posture. Whether it's due to embarrassment of poor practices, self-protection from litigation, or even attempts to limit what attackers might use to penetrate their systems—too many businesses today work hard to keep the state of their internal security affairs obscured.

This lack of transparency is not without its reasons. However, the practice systemically weakens trust and limits the ability of the business ecosystem to understand and adapt appropriately to the risks. As organizations share sensitive data with and rely upon their partners for the delivery of critical services, they require greater cooperation and transparency to better manage risks. When the transparency and trust break down, the system is weakened. Attackers will exploit the weakest link and all are impacted. The result is a growing list of partnerships with compromised operations that end up in breached records, stolen intellectual property, and increased worry and frustration.

It is time for security to open up the drapes and increase transparency. While increased transparency may be uncomfortable, it is where the world is headed. Our industry should follow suit. Like package delivery, improved visibility into the supply chain will yield greater accountability, more rapid response, and greater trust.

Suggested Posts

3 Ways to Ensure Best-in-Class Third Party Cyber Risk Management

An effective third party cyber risk management program both identifies potential threats and finds ways to mitigate them. Organizations should aspire to the highest possible standards when it comes to their security posture. To do so, they...


Cyber Risk Should Be A Growing Concern to the Municipal Bond Market

Following an increase in ransomware cyber attacks, most notably May 2017’s WannaCry attack, U.S. public sector entities are starting to see the effects of these attacks on the almost $4 trillion municipal debt market. As a result, issuers...


Takeaways from the 2017 Gartner Security & Risk Management Summit

This year marked another great Gartner Security & Risk Management Summit with over 3,000 attendees, bringing together CEOs, CIOs, CISOs, IT Directors, Risk Managers, and other risk and security professionals to National Harbor, MD from...


Subscribe to get security news and updates in your inbox.