PRO+ Premium Content/Information Security magazine

Thank you for joining!
Access your Pro+ Content below.
June 2004

Internal security controls and business continuity go hand in hand

How do you know when you have "enough" security? Every company answers this question differently, depending on its security mindset. This mindset, usually dictated by the board and the CEO, governs the company's fundamental approach to IT risk: How much are we at risk? What type of risk? What do we do about it? Every CEO pays lip service to security. But when it's time to transform words into deeds, CEOs fall into one of four evolutionary stages of security enlightenment. Stage 1: Security is a necessary evil. "I pay for IT security because I have to. The government is forcing security regulations down my throat, and I'll spend what's necessary to comply, but not a penny more. My board and shareholders demand financial results. I'm not about to invest a ton of money in security when there's a thousand other revenue opportunities to pursue." Stage 2: Security is air conditioning. "Security is a basic necessity, like electricity or climate control. When the occasional heat wave hits, you crank up the AC. When you get nailed by a ...

Access this PRO+ Content for Free!

Features in this issue

Columns in this issue