After recently attending a BCS Configuration Management event in Manchester, it was good to reflect upon the subject matter, which centred around the relationship between Software Asset Management and Information Security.
Whilst there was agreement that both were extremely important, robust debate ensued as to whether the responsibilities could be merged into one role and if so, would one area suffer as a result?
Interestingly, different people said the same things about their area of expertise, whether that be InfoSec of SAM, which was that they often found it difficult to gain commitment and/or budget unless aligned to the other or until it was too late and a breach or audit was underway. The conclusion here seemed to be, piggy back and help each other where you can before it’s too late.
An amusing point was that one very seasoned professional commented that he could not see the two areas ever being combined, only to have two other delegates highlight their responsibilities now covered both. Whether these roles were merged for convenience or as a result of clever strategic thinking will no doubt be evident as time progresses but it’s worth watching how this type of amalgamation might develop.
The biggest consensus of the day was that having good processes in place was vital to the success of protecting information and managing hardware and software assets effectively. As part of this, aligning and aiming to achieve the outputs expected from ISO-IEC 19770-1 SAM adds robustness to ISO 27001 Information Security and vice versa, which corresponds with our own experience in the market.
In summary, these industry specific events are worth attending regularly to keep abreast of what’s happening, which can sometimes challenge your own thinking and provide a basis for positive change in your organisation. The conclusion for me in answering the question; Are SAM and InfoSec good together? is yes, they complement each other extremely well and many of the ISO outcomes are similar but to execute them properly, the knowledge and expertise required means, for me, that you need separate star performers that work together as a team to get the best out of both.