Governance & Risk Management , Incident & Breach Response , IT Risk Management

Getting the Most From Information Security Investments

How to Avoid Addressing Problems 'Too Far Downstream'
Greg van der Gaast, head in information security, University of Salford

Greg van der Gaast, head of information security at the University of Salford in the United Kingdom, has strong opinions on why some security investments aren’t reaping maximum benefits.

See Also: Cyber Insurance Assessment Readiness Checklist

“We are addressing problems too far downstream,” he says. “If you’re not fixing the root cause of the issues, you’re just going to keep spending.”

Too many organizations take a reactive approach to security, rather than applying proper detection and prevention methods, he stresses.

In a video interview with Information Security Media Group, van der Gaast discusses:

  • How to implement a cost-effective security strategy;
  • Why he believes the skills gap is misunderstood;
  • How security practitioners can hone their “influencing skills” and drive positive change.

Van der Gaast has over two decades of technical and management experience in information security. In addition to serving as head of information security at the University of Salford, he runs a consultancy, CMCG, or Creative Minds Consulting Group, which focuses on information assurance.

About the Author

Anna Delaney

Anna Delaney

Director, Productions, ISMG

An experienced broadcast journalist, Delaney conducts interviews with senior cybersecurity leaders around the world. Previously, she was editor-in-chief of the website for The European Information Security Summit, or TEISS. Earlier, she worked at Levant TV and Resonance FM and served as a researcher at the BBC and ITV in their documentary and factual TV departments.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.