Security Basics mailing list archives
RE: InfoSec Importance
From: "David Gillett" <gillettdavid () fhda edu>
Date: Fri, 2 Jun 2006 11:06:15 -0700
I am trying to convince my management of the importance of having a security officer in the enterprise. I have googled the topic, but not much was found. I would really benefit from your suggestions on how to approach the management.
They *may*, just possibly, have convinced themselves that "security is everybody's job", but the fact is that everyone else is already doing some other job and so the actual effect is "security is nobody's job". Unless the enterprise is really really small, it needs somebody whose primary responsibility is security.

Hopefully, you don't need to just scare them into agreeing that security is a necessary part of doing business -- they should already be at that point. It's just that there needs to be a person dedicated to making sure that it happens, a central point of contact between IT, HR, counsel, facilities, loss prevention, audit, etc., so that these various efforts reinforce each other instead of duplicating efforts or undermining each other.

Experience suggests that there are two common languages which will get the attention of most managers and executives: money and jail. While a security officer can assist with compliance efforts (stay out of jail), the main thrust should be on reducing liability and risk.

[Make it clear that the Security Officer is, first and foremost, a *business* position and not a *technology* position. Technical literacy is going to be important, but it needs to be filtered through an understanding of business priorities and costs/benefits.]

David Gillett
CISSP CCSE CCNP