http://www.darkreading.com/risk/how-to-talk-about-infosec-to-your-board-of-directors/a/d-id/1251100
By Steve Durbin
Dark Reading
5/19/2014

In our global economy, the rapid evolution of technology has caused a
massive shift in the information security landscape. Businesses are
finding that they have more limited resources than ever before, which must
be prioritized to areas of greatest need or return. The task of
determining priorities is difficult in itself; the imperative is
delivering more for less, both in terms of new investment and existing
resources.

These monumental challenges cannot be met by a compartmentalized IT
strategy because every piece of the modern enterprise runs on connectivity
and data. Information technology runs through every department; so must
information security initiatives. Today's chief information security
officers (CISOs) need to be proactive in promoting and supporting new
business based on strong information security and sound business-based
risk assessment.

As a result of these trends, it is essential for CISOs to connect with the
Board of Directors and approach technology and security initiatives with a
risk vs. reward mindset. Too often new technologies are adopted as a way
of differentiating to gain advantage over competitors. But without a
robust, cost-benefit-risk analysis, organizations could end up standing
out for all the wrong reasons.

[...]