Information security is a strange area to be associated with.
When I started out on my CISA, CISM and CDPSE journey, I thought my experiences were good enough. While certifications were one part of that stick, the other end was more subjective and human-centric.
Some of the key challenges I have seen companies face with information security are:
- Culture gaps: They have neither the resources nor the foundational security-by-design paradigm built in.
- Growth vs ROI: The ROI on information security just isn’t realized or fulfilled because product growth, new sales and net revenue margins are more important than security and compliance.
- Immature product design and development practices: Any product company or startup would resonate with this aspect, where the lack of secure coding practices, reviews, unit tests/penetration tests, etc. does not matter to companies.
There are many other areas where information security hurdles are noticeable, but these are some of the key issues.
If you would like to learn more, please email vineet.sinha@nestor.sg