The linchpin of effective IT security is a combination of both reactive and proactive approaches, applied nimbly as needed.
Achieving that requires an IT group staffed with the most suitable people for the job, and the participation of everyone across the organisation.
It's not uncommon for IT and help desk staff to land roles in the security programme due to their technical prowess… but the help desk mentality is quite different from the security mindset. Those on the help desk react to what has happened, or what is currently happening. On the other hand, effective IT security requires the ability to be both reactive and proactive. Certain situations – such as the discovery of malicious code – require that the IT security team resolve the symptoms or immediate pain of a problem as quickly as possible. However, it's critical that the team can do more than apply their technical skills to remedy the issue staring them in the face.
Ideally, IT security team members will be able to complement their technical adeptness with the ability to proactively address security. For instance, they should consider and account for the ways that security policies and decisions affect groups like HR, marketing, and sales.
This mindset is particularly vital in today's business environment. Hackers and others with nefarious intent are leveraging increasingly sophisticated tools and means to infiltrate business networks. Moreover, with the use of social networks and mobile devices, employees and partners often unknowingly serve as conduits to their organisations' networks.
A combined proactive and reactive mindset can go a long way toward minimising the impact of potentially damaging scenarios.