Security Management Strategies for the CIORequires Free Membership to View
So how can a security leader or team go about doing this? Part of the method involves figuring out what is important to the business, which means getting face time with the senior management team. They all have other jobs to do, so persistence is a must, but be sure to sit down with them to find out what's important and what needs to be protected.
Then take a baseline of the current systems, sometimes called a risk assessment. This establishes the systems' current position and will provide the basis for the gap analysis, which is the difference between the current position and the place the senior team thinks the systems ought to be.
Finally, present the findings with both a triage plan (to address serious issues that put critical data at risk), and a long-term strategic plan. Then start executing on the plan, hitting milestones and gradually, incrementally building credibility.
Of course, it's not that easy, but that's the general process. To be considered a peer, security pros must speak the language of business. Once that level of credibility is reached, it will be much easier to get the security mindset implemented.
More information:
- Learn how to deploy NAC as a security policy.
- Explore your enterprise policy management options with this tip from security expert Ed Skoudis.
This was first published in July 2008
Join the conversationComment
Share
Comments
Results
Contribute to the conversation