Gartner Blog Network

2013 is the Year for Hard Change in the Risk and Security Profession

by Paul Proctor  |  January 28, 2013  |  1 Comment

After more than 10 years of evolution it’s time to hit the reset button on security and risk management. Your approach, your career, and your responsibilities all need hard change. There are many truths we have all known for years but culture changes slowly.

2013 is the tipping point where risk and security professionals have to kick evolution into high gear and engage their world differently.

-              We are no longer the group responsible for protecting the organization from cyber threats, we are the group that helps stakeholders balance the need to protect the business from the needs to operate the business.

-              We no longer focus exclusively on the technology of security, we engage all the controls at our disposal including behavior change, process, and technology controls.

-              We no longer seek to prevent every possible threat, we assess and prioritize risks to support conscious choices about what will and will not be done to address threats.

-              We are no longer buried deep in IT, we understand the impact IT risk and security has on business outcomes.

-              We no longer rely on smart people who know what to do, we formalize are programs with repeatable, survivable, and measureable processes.

The risk and security revolution is over and WE won! Now it’s time to reset how you work.

-              Stop using older control technologies such as firewalls and upgrade to next generation firewalls

-              Stop treating your DLP like a data firewall and see how it can be a powerful force to change user behavior.

-              Stop confusing non-IT stakeholders with IT jargon and see how to communicate effectively to executives and boards of directors.

-              Stop reporting failed operational metrics and engage in leading risk indicators to influence business decision making.

Listen to this replay of a webinar on running, growing, and transforming your risk and security program. It’s open to all. If you aren’t a Gartner client just click sign in to register.


Paul Proctor
VP Distinguished Analyst
10 years at Gartner
28 years IT Industry

Paul Proctor is a vice president, distinguished analyst, and the chief of research for security and risk management. He helps organizations build mature risk and security programs that are aligned with business need. Read Full Bio

Thoughts on 2013 is the Year for Hard Change in the Risk and Security Profession

  1. One could go back 6 years and read about the Gartner EXP distribution of CIO’s. 70% were fire-fighters, 20% were happy and would not consider changing and only 10% were the forward looking strategic CIO’s (FedEx, P&G, etc).

    I believe this distribution is not the same today, It is a transformational journey, some will stay some will not – business will demand change.

Comments are closed

Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.