Q

IT security risk training for executives: How to get started

Executives don’t have time for formalized security risk training, so the onus is on the security team to become involved with core business processes.

What is the best way to get executives and business leaders in our company up to speed on acceptable IT security risk, and how much security risk training is necessary?

There is no magic bullet for getting executives on the same page about IT security risk. Education plays a big part in creating a culture of information security within any organization, so it's definitely a worthwhile effort.

However, most executives do not have time for formal, dedicated IT security risk training. The most effective training is informal and occurs only when IT security pros are given the opportunity to influence an organization's core business processes. This provides the opportunity to educate the business on possible risks involved with a new process or existing procedure at the time of inception. I have spent a lot of time with medical professionals in my career and have found that they definitely understand risk in the context of the medical profession. I can expand on this existing understanding of medical risk to explain and educate on IT security risk using their vernacular.

The problem then becomes how the IT security management staff can gain the necessary leverage to influence business processes. The answer is that the IT security management team needs to educate itself on the business and be able to communicate using business terms. They can then share this information with their security team. I have made it a point to share health care business trends with my entire team at staff meetings, for example. They need to be as aware of shifting payer mixes and the migration away from fee-for-service as any other part of the organization. This knowledge helps build the trust between the business and IT security organization that is required for a strong security culture.

This was first published in June 2013
