Dr. Fred Cohen, Principal Analyst for The Burton Group, presented this session Information Security Decisions Fall 2005.
Information security is much more than a series of technical issues. If done correctly, security becomes a key component of running an effective business. In this presentation, Dr. Fred Cohen, who is one of the world's leading researchers and analysts in information protection, investigates the link between corporate governance and information protection. For many businesses, regulations drive this discussion, but Dr. Cohen shows you how successful security programs can also lead to sensible protection that focuses on business performance and enhances shareholder value.
He begins by discussing information security strategy as it relates to a business' needs. You learn how an effective information security program must serve the interests of the company by being overseen by executives, shareholders, the board of directors and auditors. Dr. Cohen shows you how this translates into a duty to protect that is driven by the risk management process into protection requirements that give executive security managers the mandate to lead.
Dr. Cohen also walks you through a roadmap for the way in which security leaders must interact with others within the organization to enable them to create business practices and processes that ensure proper levels of security. He offers tips for security managers to effectively get their message across, as well as outlines the structure of a successful security program.
Specific highlights of this presentation reveal:
- How governance fits into the overall enterprise security architecture
- How to effectively use power and influence in security governance
- How to accomplish more with little or no budget
- The role the CISO should play within the corporate governance structure
- How to make continuous improvement to information security programs and practices