Governance & Risk Management , Incident & Breach Response , IT Risk Management
Getting the Most From Information Security Investments
How to Avoid Addressing Problems 'Too Far Downstream'Greg van der Gaast, head of information security at the University of Salford in the United Kingdom, has strong opinions on why some security investments aren’t reaping maximum benefits.
See Also: Cloud Security and Developers: Role of Zero Standing Privilege
“We are addressing problems too far downstream,” he says. “If you’re not fixing the root cause of the issues, you’re just going to keep spending.”
Too many organizations take a reactive approach to security, rather than applying proper detection and prevention methods, he stresses.
In a video interview with Information Security Media Group, van der Gaast discusses:
- How to implement a cost-effective security strategy;
- Why he believes the skills gap is misunderstood;
- How security practitioners can hone their “influencing skills” and drive positive change.
Van der Gaast has over two decades of technical and management experience in information security. In addition to serving as head of information security at the University of Salford, he runs a consultancy, CMCG, or Creative Minds Consulting Group, which focuses on information assurance.