The weight of the function of Government of Security
The role of Security Governance is becoming increasingly important in the daily operations of organizations, as swift, relevant, and proportional decision-making regarding information security has become crucial for business.
It no longer only serves the purpose of ensuring proper risk management in information handling, but also contributes to the ability to generate, maintain, and differentiate business value in the market, where intangible aspects such as explainability, transparency, trust, and reputation are increasingly important.
Today, organizations, regardless of their size, sector, or maturity, tend to focus their business on exploiting their data, whether it's customer behavior, product data, or data derived from more or less complex analytics to reach competitive insights.
And for this reason, the support that security governance provides to strategic management is crucial in contributing to the achievement of global objectives. An example of this is the latest update of the cybersecurity framework published by the NIST, which identifies the governance function as essential to providing the other functions (identify, protect, detect, respond and recover) with the context of the mission and expectations of all stakeholders, which is so necessary to achieve their own objectives.
New scenarios, same practices
If we go back to the etymological origin of government, that of piloting a ship, an army, or a society, it remains fully valid. The ancient Romans already had well-established mechanisms of government to achieve their mission: the expansion of the Empire through the conquest of new territories.
In addition to being great strategists, they had clearly hierarchical structures in their armies (slaves, couriers, cartographers, translators, centurions, etc.) where each member knew their role and their contribution to achieving the mission. These members carried out their actions in a regulated and procedural manner and were governed by specific legislation, aligned with that applied to the rest of society.
And they even had the great philosophers, who sought answers to old questions or posed many new ones, a clear symbol of a quest for continuous improvement...and how can we not mention their memorable spies, key in detecting the weaknesses of enemies to be conquered and understanding their way of operating.
Contained optimism
After this analysis, it seems clear that governance practices have not evolved significantly, and perhaps this fact is, paradoxically, a silver lining in the face of the dizzying prospect of changing, disruptive, and, why not say it, almost dystopian environments we have been facing in recent months in terms of Information Security.
If the role is well-defined, approved, and agreed upon, with an organizational structure that supports it, and ongoing coordination with the Directorate, it will be possible to guarantee the orchestration of resources aimed at anticipating new storms, improving our roadmap, equipping our ships with new technologies, training our military for new challenges, strengthening our lines of defense, and being able to adequately manage newly conquered third-party territories. And why not, contribute to the resolution of new ethical dilemmas that our ancestors never managed to pose.
And always keeping in mind that today, more than ever, human intervention (and not the divine intervention of the Roman gods) is necessary to ensure that the principles and ethical pillars of our society are preserved.
Learn much more in our Professional Master in Cybersecurity, Ethical Hacking and Offensive Security.
