Eli Sowash, CISSP

As an information security professional, the task of communicating InfoSec concepts and concerns to executive management can sometimes be challenging. That security breaches like Sony, RSA, and Lockheed are grabbing mainstream media attention means security ideas and concerns are increasingly making their way to the boardroom. Since executive support can be one of the most valuable tools in the InfoSec professional’s toolbox, using these case studies with your own management can be a great starting point in letting them know that the security team understands the risks to the business.

It’s the job of an organization’s executive management to set the strategic direction, and building a relationship with the management team can mean incorporating proper security practices into the business process at the highest level. InfoSec professionals can then parlay this seat at the table with the baby step of an awareness program, which is a great way for management to lead by example.

We are all being called upon to answer to and collaborate with senior management differently than in years past. Here are three tips I’ve found that help to explain our world to the businesses we’re protecting.