Security Basics mailing list archives
Benchmarking security posture
From: ttate () ctscorp com
Date: Thu, 21 Dec 2006 1:35:21 PM+0500
I just got out of an interesting meeting with several executives (primarily in audit, finance & treasury). This was really the first opportunity that I have had to sit with this group and discuss infosec as a business requirement versus compliance requirement. So, I went into the meeting thinking it would be a session to talk about awareness of risks and the tenets of infosec (CIA, protect, detect, respond and recover).

I had a wakeup call from this group and am looking to you as my peers for some help in the areas where I could use some assistance in communicating to the business leaders. Basically I came across as talking at too abstract of a level without details about security and how it affects my company. This was even with using specific examples of "we can pursue XYZ type of business if we have these ABC types of security practices in place".

My question to the attendees was: what types of business do you want to be in? Basically, I was using the approach that security can be a business enabler and not just an insurance policy. We are a manufacturing company. I was also trying to get a better understanding of the types of customers we currently serve and what the risk is if any data from those types of business is compromised. You know the analogy that infosec is like the brakes on a car, they are not there to slow you down but so you can go faster. Maybe you can get better use of that analogy than I can ;)

The result of this conversation was that I was told that I should know enough about the business to propose a plan that is benchmarked against other similar sized organizations in the same industries. So, where this leads me then is: Where do I find information about infosec postures at organizations similar in size ($500M-1B in revenues) and in industry (manufacturing)? I know that I can ask you folks as peers and I am definitely grateful and appreciate your assistance, but do you have any sources where you get similar information?

Thanks for any feedback and hope everyone has a safe and happy holiday season & may 2007 be a great year for all!!

Regards,
Troy Tate