Perhaps. Security and privacy have a relationship with IT. “IT” is a broad area and it is getting wider. That is, almost everything we touch these days is a type of technology, so IT has to be responsible for a lot. Security is really a specialist area that shouldn’t be rolled up into “IT”. It sits above technology, between the business, the decisions it makes, the policies it has in place, and the systems it uses. More than anything, security is complex and rapidly changing. We believe it is increasingly unrealistic to expect “IT” or your telco provider to do a great job of keeping on top of your business’s security and privacy responsibilities. That’s why it is increasingly common for security to be managed or owned by a “C” level executive – separate from the CIO and CTO and reporting directly to the CEO and board of directors. Similarly, boards increasingly have a security-aware director who may or may not have a technology background. What these things have in common is the recognition that security should be a priority, it is a specialist area, and it isn’t something that IT generalists should be expected to be experts at. But not every business has a realistic opportunity to find, hire and retain experienced, dedicated security staff. It is one of the most scarce skill areas and requires considerable experience, training and study. That’s our main motivation for offering enterprise-level security and privacy skills and services to all New Zealand businesses, as a clearly-defined service.
