Author Topic: [Article]-InfoSec in the Boardroom  (Read 12470 times)
don
Editor-In-Chief
« on: December 29, 2011, 03:04:08 PM »

New friend and EH-Netter, Eli Sowash, wants to take a spin at sharing his thoughts and opinions with the community. Please read his thoughtful article and let us know your opinions as well.

Permanent link: [Article]-InfoSec in the Boardroom

Quote


Eli Sowash, CISSP

As an information security professional, the task of communicating InfoSec concepts and concerns to executive management can sometimes be challenging. That security breaches like Sony, RSA, and Lockheed are grabbing mainstream media attention means security ideas and concerns are increasingly making their way to the boardroom. Since executive support can be one of the most valuable tools in the InfoSec professional’s toolbox, using these case studies with your own management can be a great starting point in letting them know that the security team understands the risks to the business.

It’s the job of an organization’s executive management to set the strategic direction, and building a relationship with the management team can mean incorporating proper security practices into the business process at the highest level. InfoSec professionals can then parlay this seat at the table with the baby step of an awareness program, which is a great way for management to lead by example.

We are all being called upon to answer to and collaborate with senior management differently than in years past. Here are three tips I’ve found that help to explain our world to the businesses we’re protecting. 


Thanks,
Don

CISSP, MCSE, CSTA, Security+ SME
cd1zz
« Reply #1 on: January 03, 2012, 08:10:55 AM »

I've been talking about this with other colleagues lately. It's great that these issues are finally getting to executive management and Sowash certainly highlights the challenges communicating these complex issues to non-technical people. His advice is pretty basic, but that's what makes it useful I think. We use these same tactics when we're debriefing our clients on our findings. I've also been on the operations side and had to use these tactics to try and get budget dollars to solve problems I was facing at the time. The biggest takeaway from this article and general advice is not to run into exec management waving your arms in the air and trying to scare people into decisions. It just doesn't work at this level. I do think that the media hype of high-profile attacks can be brought up delicately to help support an argument.

I completely agree with the author in that you have to be unemotional about these problems, stay logical and keep in mind the execs' frame of reference is going to be quite different than you as an info sec professional.
© 2012 The Ethical Hacker Network