The reasons for targeting senior executives are obvious, but let's go over them. First, it's where the money is....
The senior folks tend to have access to sensitive corporate data and more personal assets for the bad guys to target. Additionally, many of these executives are not as security aware as they need to be.
Which brings us to the second part of the question: how do we get senior executives to take security as seriously as they need to? I recommend a two-pronged approach. First, work with the human resources group to set up a broader security awareness training curriculum for senior executives. Actually, all employees should receive training, but given the fact that senior execs are being specifically targeted, the process should start with them.
Second, I'd work through the executive back channels to make the case that this kind of training is important. In other words, if you don't have access to the senior management team, go to your boss or your boss' boss and get access. A hallmark of my Pragmatic CSO approach to security is to develop relationships with the senior team and to be considered a peer because security is an important business issue. This is a great opportunity to test your mettle and get some face time with the powers that be.
For more information:
Dig Deeper on Security Awareness Training and Internal Threats-Information
Related Q&A from Mike Rothman
Pirated software is still a major concern nowadays. Uncover how to prevent software piracy and protect your organization's intellectual property. Continue Reading
While liaison officer responsibilities vary depending on the company they work for, their strong organizational and communications skills make them ... Continue Reading
The CISSP certification can be a challenge to obtain. Mike Rothman unveils how to get on the right education and career tracks in order to get CISSP ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.