Manage Learn to apply best practices and optimize your operations.

How to get management interested in an information security program

When it comes to firing up an information security program, are your execs sitting on their hands? In this expert Q&A, security management pro Shon Harris reveals how to speak the language of senior management.

I work for an institution of higher learning, and I have the toughest time getting our executive leadership to pay attention to us. Many of the school's departments are interested in the information security program, but the execs are sitting on their hands. Any ideas?
This is a common complaint for almost all security professionals, but believe it or not, the situation is much better than it has been in recent years. Each year, more organizations experience data security breaches and find their names in the headlines; this negative exposure resonates with management. Laws and regulations are also becoming stricter. Many states now have breach notification laws, requiring an organization to alert state residents if they have experienced a breach. Having to issue such a notification would be terrible PR for any organization.

For information as to how to get the attention of an organization's executives, read my previous response on bringing security concerns to senior management.

If you still cannot lead this horse to the water, it is important that you document all of your efforts to get management to practice due care and due diligence. That way, if something bad does take place, you won't go down with the ship.

More information:

  • Learn about the elements of a security program.
  • Get management support from C-level decision makers.
  • This was last published in January 2007

    Dig Deeper on Data security breaches

    Start the conversation

    Send me notifications when other members comment.

    Please create a username to comment.