Securing decentralised organisations
Abstract
This paper compares the efforts required to secure a centralised organisation and a conglomerate (holding structure). Achieving a uniform level of security across a conglomerate is more challenging due to the nature of the organisational structure — ie every subsidiary is independent, so each can define its own processes and select how to implement global security guidelines. Implementing security measures in a conglomerate is equivalent to managing a distributed project. Having a very strong governance function is the only way to make such an endeavour successful. A governance function, by itself, is not sufficient; additional impetus must come from individual headquarters and the holding company itself. Security is different from other organisational functions (eg payroll, sales, etc.) because of the relationships between individuals from different subsidiaries, which can be used to more easily compromise the organisation.
The full article is available to subscribers to the journal.
Author's Biography
Damir (Gaus) Rajnović has been actively involved in the computer security arena, mainly incident response and coordination, since 1993. He joined Cisco a few months before the Y2K event and for the next 13 years worked on product security-related matters within Cisco and in the industry as a whole. Gaus currently works for Panasonic as a Senior Cyber Security Manager for the European region. This encompasses product security (design and vulnerability handling) and internal IT security. Additionally, he is part of the team that formulates Panasonic policies and strategies for the European Union region in areas of security and privacy. His external engagements are focused on improving general security and product security through organisations such as the Forum of Incident Response and Security Teams (FIRST) and the Global Forum on Cyber Expertise (GFCE). Additionally, Gaus acts as a subject matter expert in standard-setting organisations such as ISO and ITU, where he is working on standards related to cyber security, product security and vehicle cyber security engineering. He was an invited lecturer for the MSc Information Technology Security course at Westminster University in the period 2007–9 and is the author of the book Incident Response and Product Security, published by Cisco Press.