Ask The Security Expert: Questions & Answers

How to get executive management interested in an information security program

EXPERT RESPONSE FROM: Shon Harris



QUESTION POSED ON: 11 November 2006
I work for an institution of higher learning, and I have the toughest time getting our executive leadership to pay attention to us. Many of the school's departments are interested in the information security program, but the execs are sitting on their hands. Any ideas?

EXPERT RESPONSE
This is a common complaint for almost all security professionals, but believe it or not, the situation is much better than it has been in recent years. Each year, more organizations experience data security breaches and find their names in the headlines; this negative exposure resonates with management. Laws and regulations are also becoming stricter. Many states now have breach notification laws, requiring an organization to alert state residents if they have experienced a breach. Having to issue such a notification would be terrible PR for any organization.

For information as to how to get the attention of an organization's executives, read my previous response on bringing security concerns to senior management.

If you still cannot lead this horse to the water, it is important that you document all of your efforts to get management to practice due care and due diligence. That way, if something bad does take place, you won't go down with the ship.

More information:

  • Learn about the elements of a security program.
  • Get management support from C-level decision makers.

