Learn security program management strategies to improve IT security

As a new security manager, it's important to prove to the enterprise executives that you can improve information security quickly. Read these security management strategies that can help.

I'm a first-time security manager, and our executives are looking for me to rapidly develop our security program. What are a handful of the easiest, overarching strategies I can implement to improve security management quickly at my organization?

First and foremost: communicate, communicate, communicate. When that's done, communicate some more. I can't possibly highlight this enough. There are two groups you need to be communicating with the most: the users as a whole and the heads of the business units.

For the users, start by making sure they know the security group exists and is there to help, not just to play netcops. At the same time, it's important that users know what the IT security policies are, because rules they don't know are a lot harder to follow than the ones they do. Humor aside, employee security awareness training is a mandatory element of compliance with regulations such as PCI DSS and HIPAA, and the cost of HIPAA violations is about to go through the roof as a result of the Health Information Technology for Economic and Clinical Health Act (HITECH Act).

At the other end of the spectrum are the business unit heads. These include, but are far from limited to, the heads of sales, marketing, engineering, legal, IT and, of course, the CEO, CFO and any other members of the C-suite. This communication is important because as a security manager you need to know where to prioritize resources, and that prioritization needs to come from those who are making the decisions about how the business runs. By sitting down with these executives and talking about their goals for the next few quarters, you are demonstrating that security is not only there to say "no" and install firewalls, but is also genuinely interested in enabling the business to succeed. This is also a chance to learn about potential concerns that the executives may have about their projects.

Understanding these concerns, combined with learning about projects earlier on, will not only enable you to get security issues addressed earlier (which is cheaper), but also to come up with creative solutions to these problems, rather than just throwing stock technology at them at the last minute and crossing your fingers.

This was first published in March 2009
