Home
Topics
Information Security Management
Business Management: Security Support and Executive Communications
How can IT professionals bring security concerns to senior management?

How can IT professionals bring security concerns to senior management?

Shon Harris, past SearchSecurity.com expert

What can be done to make IT security professionals a respected and valued voice to senior management? How can they get the ear of the organization's senior management controlling the purse strings?

Requires Free Membership to View

SearchSecurity.com members gain immediate and unlimited access to breaking industry news, virus alerts, new hacker threats, highly focused security newsletters, and more -- all at no cost. Join me on SearchSecurity.com today!

Michael S. Mimoso, Editorial Director

By submitting your registration information to SearchSecurity.com you agree to receive email communications from TechTarget and TechTarget partners. We encourage you to read our Privacy Policy which contains important disclosures about how we collect and use your registration and other information. If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States. Your use of SearchSecurity.com is governed by our Terms of Use. You may contact us at webmaster@TechTarget.com.

Put everything in business terms and business objectives. This is how senior management thinks and speaks. Do not talk about ports, hackers or intrusion defense systems; they don't understand these issues, and it is not their job to. Today, information security professionals often have to step from behind the computer and understand the businesses that they are supporting. Information security and technical professionals have been frustrated with management ever since these different groups existed because management looks at the company differently. They use different languages, different acronyms and different tools.

One of the best skills an information security professional can have is the ability to know how to present security issues in business terms. Having this skill will get your point across to the decision makers so they can give the necessary money for new security initiatives. You, of course, can explain to management what can happen if a certain security initiative is not carried out (i.e. customer credit card numbers could get stolen, a company could be put in the headlines, a CEO could go to jail for not ensuring proper controls, etc.). There are a lot of horror stories out there that demonstrate the seriousness of security flaws. Compliance requirements and fines, not to mention jail time, can also serve as a catalyst to get their attention.

It is also important to show management that security is a business enabler, not just a drain on the bottom line. Most businesspersons understand risk appetite and the opportunities that risk can provide for the company. In the business world, risk is not always a bad thing, as we in the information security tend to view it. There are several ways to show how security practices help the company in other ways than just pure protection.

A strong security system:

Enables new types of products and services, and new channels to new markets.

Promotes reliable, cost-effective, and timely communication with customers.

Allows transactions to occur with greater integrity and privacy, thus ensuring business continuity.

Creates a greater customer satisfaction and confidence, which can help sustain customer loyalty.

Enables profitable new types of customer/supplier engagements.

Encourages more reliable interaction with the organization's supply chain.

Provides more secure access to enterprise applications.

Finally, you shouldn't expect management to change; if you're struggling to connect with them, you need to adjust your approach. Understand the business, its drivers and its objectives. Tie security to these business aspects and illustrate this relationship to management. Carry out cost/benefit analysis. Present management with data in a format that they can understand and use. You need to show management that you understand a company is not in business just to be secure. A company is in business to profit, and security needs to support these goals as best as it can.

More information:

Learn more about getting management support from C-level decision makers.

Convince executives to use stronger passwords.

Dig Deeper

People who read this also read...

Related glossary terms

Terms for Whatis.com - the technology online dictionary
- security

Show me more

This was first published in December 2006

Cloud Security
- Leveraging Microsoft Azure security features for PaaS security
  
  Organizations can boost PaaS security late in the game by implementing these stopgap measures.
- Quiz: Understanding cloud-specific security technologies
  
  Think you understand cloud-specific security technologies as well as expert Joseph Granneman does? Test your knowledge with this quiz.
- CSA launches cloud security certification initiative for service providers
  
  Plan calls for working with certification bodies, government agencies, as well as an independent CSA certification.
Security Channel
- Biometric authentication methods: Comparing smartphone biometrics
  
  Biometric authentication helps ensure only authorized smartphone users can access a network. David Jacobs weighs the pros and cons of three methods.
- F5 Vault program embraces incentives for F5 firewall, security sales
  
  The Vault partner program uses incentives to increase visibility for F5 firewalls and its architecture bundle.
- Using DMARC to improve DKIM and SPF email antispam effectiveness
  
  DMARC aids the DKIM and SPF protocols that help keep spam out and let legitimate emails in. David Jacobs explains how.
searchMidmarketSecurity
- Windows Phone 7 security: Assessing WP7 security features
  
  Windows Phone 7 security features are proving to be a mixed bag. Sam Cattle assesses the enterprise security pros and cons of the latest Windows mobile platform.
- Choosing the best security certifications for your career
  
  Whether starting your career or planning your next step as an IT security professional, this tip will guide you toward the best certifications for your interests and experience.
- Midmarket security tutorials
  
  SearchMidmarketSecurity.com’s tutorials offer IT professionals in-depth lessons and technical advice on the hottest topics in the midmarket IT security industry. Through our tutorials we seek to provide site members with the foundational knowledge needed to deal with the increasingly challenging job of keeping their organizations secure.
searchFinancialSecurity
- Microsoft attempts legal action to disrupt some Zeus botnets
  
  Legal and technical actions could disrupt some Zeus botnet operations by seizing command-and-control servers in Pennsylvania and Illinois.
- More than hype: Security big data helps bank to boost security program
  
  At RSA Conference 2012, Zions Bancorporation detailed how it harvested security big data using a Hadoop-based security data warehouse.
- Web application threats: What you really need to know
  
  In this special presentation, Mike Rothman details today's top Web application threats and pragmatic methods to integrate security into the Web application development process.
Security UK
- ICO fines Welsh health board £70,000 for patient record loss
  
  For the first time, the ICO fines an NHS organisation for sending patient data to the wrong person.
- With mobile payments, security teams must move quickly
  
  As employees make payments on their mobile devices, the security team must act quickly to ensure corporate assets remain secure.
- SOCA takes its website offline in DDoS response
  
  Just days after SOCA shut down carder sites, the agency was the victim of a DDoS attack, leading SOCA to takes its website offline.
searchSecurityAU
- With mobile payments, security teams must move quickly
  
  As employees make payments on their mobile devices, the security team must act quickly to ensure corporate assets remain secure.
- PCI virtualization compliance still a challenge
  
  No black and white when it comes to PCI compliance in virtualized environments, experts say.
- Examining Kindle Fire security, Silk browser security in the enterprise
  
  Do Kindle Fire security issues, combined with weak Silk browser security, make the red-hot consumer device too risky for enterprises? Michael Cobb explains.
Information Security
- Information security budgets: Five steps to obtain management buy-in
  
  Getting management to approve security budgets is difficult. Here are guidelines to help you prepare and present information security budgets effectively.
- Maltego tutorial - Part 1: Information gathering
  
  Maltego is a powerful OSINT information gathering tool. Our Maltego tutorial teaches you how to use Maltego for personal reconnaissance of a target.
- POS terminal security: Best practices for point of sale environments
  
  Securing point of sale (POS) environments can be tricky. Shobitha Hariharan and Nitin Bhatnagar share comprehensive POS terminal security best practices.

Latest Headlines

Topics

Hot Topics

Advice & Tutorials

Technology Dictionary

Tips

Answers

Ask a Question

Research Library

Product Demos

Resource Centers

Blogs

How can IT professionals bring security concerns to senior management?

Requires Free Membership to View

Dig Deeper

People who read this also read...

Related glossary terms

More from Related TechTarget Sites