Everybody owns [infrastructure] when they don’t want you to touch it, but nobody owns it when it’s their bum on the line if things go wrong
Building on the MSS relationship not only allows Foxtel to be more proactive in maintaining its security posture, but supports interactions with executives who are less concerned with technical minutiae but think of IT security in terms of business risk.
Analysis of internal cost-recovery claims is a great way to marry IT-security activity to potential business change: once the IT staff know which business units are paying for what systems and services, it’s much easier to know how any potential security issue will affect which parts of the business. Everybody owns it when they don’t want you to touch it, but nobody owns it when it’s their bum on the line if things go wrong.”
Shaw has often found it’s easier for an internal security organisation to get leverage with other business units by handballing the bad news to the MSS: “it’s always effective bringing in external parties to talk to your executives,” he laughed. “Your executives are not going to give you budget unless you can marry together the value from MSS, actionable intelligence – unless you can demonstrate the value to the business and where the business is trying to go.