Dr. Fred Cohen, Principal Analyst for The Burton Group, presented this session at Information Security Decisions Fall 2005.
Information security is much more than a series of technical issues. If done correctly,
He begins by discussing information security strategy as it relates to a business' needs. You learn how an effective information security program must serve the interests of the company by being overseen by executives, shareholders, the board of directors and auditors. Dr. Cohen shows you how this translates into a duty to protect that is driven by the risk management process into protection requirements that give executive security managers the mandate to lead.
Dr. Cohen also walks you through a roadmap for how security leaders must interact with others within the organization so that they can create business practices and processes that ensure proper levels of security. He offers tips to help security managers get their message across effectively, and outlines the structure of a successful security program.
Specific highlights of this presentation reveal:
- How governance fits into the overall enterprise security architecture
- How to effectively use power and influence in security governance
- How to accomplish more with little or no budget
- The role the CISO should play within the corporate governance structure
- How to make continuous improvements to information security programs and practices
This was first published in October 2005