3 Ways Organizations Will Act In 2017 On Their Security Programs

Option 1: Organizations will try to defend themselves with a diet pill strategy.

In 2017, organizations will take many shortcuts in the rush to do something about their security. Many don't realize that developing a security program takes time and is fundamentally process-based. The main function of the program is to provide organized information for effective decision-making.

A security program filters information from many different sources. The people running it know that the information gathered is not perfect and that it requires inference, interpretation, and research before it becomes useful for decision-making. Even today, humans perform these functions through repeatable processes.

But there is always a diet pill salesman offering to take care of the things that require time and energy to accomplish.

In 2017, organizations will turn to security technologies as a diet pill strategy for fixing the current state of their information security. Despite the great benefits that artificial intelligence can offer, most environments are still not ready to absorb it. Environments take a long time to change, with only the most modern organizations as the exception.

These technologies have both value and merit. However, since they are emerging tools, they must be used within a security program and cannot be left to operate on their own. That may change by 2027, but in 2017 artificial intelligence still cannot be called as effective as human decisions made within repeatable, defined security program processes.

Humans always seek fast results, and this will lead many organizations to fall for the diet pill. Many of these products will come to market in the near future, and many companies will buy them in 2017.

Option 2: More expensive diet pill strategies like ISO 27001 certification will begin to lose favor

Some time back, ISO certifications were very much in trend. Organizations would obtain certifications for their security programs to make them look legitimate. They would hire consultants and work on their ISO program through the multi-year certification cycle. This worked for a while, but people soon realized that simply holding an ISO certificate does not make a security program effective.

Although these certification programs can improve an organization's information security capabilities, the truth is that they are focused on making you meet their requirements. Those requirements can hinder your organization's ability to build an effective security program. For instance, having a robust policy that aligns with ISO certification requirements does not confirm that the policy actually improves your security.

Moreover, obtaining an ISO certificate involves a great deal of red tape and paperwork. Companies have realized that these certifications are much like diet pills that take a long time and leave your organization fatter. I have been attending monthly meetings with different certified organizations, and I often wanted to tear up their certificates, because I never saw that effectiveness.

In fact, many companies shy away from these certifications because the up-front resourcing and the relentless effort required to obtain them put them off. These companies need time-appropriate solutions that impose less burden on the front end while helping them thwart the continuous attacks they have been experiencing for a while.

In my view, these experiences across different organizations will ultimately result in lower adoption of these programs and frameworks compared to what we have seen in the past.

Option 3: Security program development will lead security initiatives in most organizations

I truly believe that 2017 will be the year of security program development. A security program implements four functions in an organization: first, the ability to set a benchmark; second, the ability to measure the environment against that benchmark; third, the ability to take the issues and gaps identified during measurement and present them to management so it can make more informed decisions; and fourth, the ability to support implementation of the decisions taken. Times have changed: beyond the usual "We need an assessment," I now hear people asking for security programs that support their business instead of restraining it.


I think 2017 will be a year of action, and more organizations will come to understand what a security program really means. Let's hope for a great year ahead!


Mike Gentile

CISOSHARE’s President and CEO
Mike Gentile has been helping organizations build information security programs for more than 20 years. He has written multiple recognized books on the subject, given hundreds of presentations, and built many security programs in both internal and external consulting roles.