Everyone agrees with statements like “security should be integrated in the organization” and “one must follow best practices”, but few people know how to achieve this.
In practice, the security people only get involved at the end of a project to “make it secure”. They make technical choices that the rest of the organization does not understand or is too little involved with. As a consequence information security is, more often than not, seen as the “business disablement department”.
Ascure has assisted multiple organizations to (re)structure their IT security teams and to embed security in the IT organization and project life cycle. The (technical) choices that are made are always related back to the risks identified by the business; thus creating buy-in from the business. By following this business-driven approach Ascure has helped these organizations in transforming the Information security team into a business enabler.