How To Talk About InfoSec To Your Board Of Directors

[InfoSec News <alerts () infosecnews org>]

http://www.darkreading.com/risk/how-to-talk-about-infosec-to-your-board-of-directors/a/d-id/1251100

By Steve Durbin
Dark Reading
5/19/2014

In our global economy, the rapid evolution of technology has caused a 
massive shift in the information security landscape.  Businesses are 
finding that they have more limited resources than ever before which must 
be prioritized to areas of greatest need or return. The task of 
determining priorities is difficult in itself; the imperative is 
delivering more for less, both in terms of new investment and existing 
resources.

These monumental challenges cannot be met by a compartmentalized IT 
strategy because every piece of the modern enterprise runs on connectivity 
and data. Information technology runs through every department; so must 
information security initiatives. Today's chief information security 
officers (CISO) need to be proactive in promoting and supporting new 
business based on strong information security and sound business-based 
risk assessment.

As a result of these trends it is essential for CISOs to connect with the 
Board of Directors and approach technology and security initiatives with a 
risk vs. reward mindset. Too often new technologies are adopted as a way 
of differentiating to gain advantage over competitors. But without a 
robust, cost-benefit-risk analysis, organizations could end up standing 
out for all the wrong reasons.

[...]



--
Subscribe to InfoSec News
http://www.infosecnews.org/subscribe-to-infosec-news/