Anyone who's worked as an IT Professional is likely to have faced the challenge of the need to open up access to information to third parties including customers, partners and suppliers WHILST maintaining an acceptable level of information security.

Your Information Security Policy SHOULD state what access is required, to what information and for what business purpose. Often (as previously discussed) the Security Policy is a target of derision due to it's "pie in the sky" view point where it's not an accurate reflection of HOW BUSINESS REALLY WORKS and therefore the corresponding security controls are meaningless.

I'm not going to say more about the importance of a sensible security policy here as it's well trodden ground (hit the "search" button to the left of this post to read earlier musings on this topic) or consult the blogs of your trusted security advisor(s).

Agility is all about working embracing the dynamic nature of business rather than blocking it due to archane security measures.

Effective Information Security requires "the security team" to work hand in hand with "the business". Security SHOULD allow you to do more with less risk.

What help do you need to enable you to become a business enabler?

I'd love to hear your comments so don't be shy!

BTW: Thanks to the Athena Aerobic team for the thought provoking image