PRO+ Premium Content/Information Security magazine

Thank you for joining!
Access your Pro+ Content below.
May 2009

Service-focused security offers best value to organization

The tactics and personalities assumed by security teams have bred some rather novel approaches for implementing and promoting security practices within organizations. We've likely all seen the iron-fisted security group, which prefers the stick over the carrot, and tries to garner support and compliance through the spread of fear and uncertainty. Having seen an information security manager brute force C-level executive passwords and post them for all to see, I long ago concluded this approach doesn't work. Too often, security professionals damage relationships with key stakeholders through such aggressive tactics. Other security teams attempt to raise awareness for their practice through the more benevolent approach of security metrics. But implementing metrics that demonstrate the monetary value of a security practice to the C-suite is a conundrum. Realistic security metrics related to monetary value simply don't exist and never will except in a very few unique, isolated scenarios. While their approaches are radically different...

Access this PRO+ Content for Free!

By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.

You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

Features in this issue

Columns in this issue