CISO's overpromoted technologists
An interesting 4 part series by Network World on the challenges faced by CISO's (Chief Information Security Officers) trying to promote and sell the merits of information security internally in their organisations. CISO's are having a hard time getting their ideas accepted from the board level down and are just "overpromoted technologists".
Consultants suggest that the easiest and best way to overcome this problem is to start with some quantititaive ways of meauring how the organsiation is doing with security. They also point out to avoid droning on about the standards when approaching senior management for funding in security, otherwise "their eyes glaze over."
My company has deployed exactly such a tool over the last 12 months for 50 CISO's around the globe called the CxO Security Assessment . The interesting by-product of its quantititaive nature is the capability to perform industry sector benchmarking which has become an immensely useful tool for CSO's to unlock budget and get management to take security seriously.
CATEGORIES : 1compliance, 1benchmarking, 1trends, 1assessment, 1riskmanagement
Consultants suggest that the easiest and best way to overcome this problem is to start with some quantititaive ways of meauring how the organsiation is doing with security. They also point out to avoid droning on about the standards when approaching senior management for funding in security, otherwise "their eyes glaze over."
My company has deployed exactly such a tool over the last 12 months for 50 CISO's around the globe called the CxO Security Assessment . The interesting by-product of its quantititaive nature is the capability to perform industry sector benchmarking which has become an immensely useful tool for CSO's to unlock budget and get management to take security seriously.
CATEGORIES : 1compliance, 1benchmarking, 1trends, 1assessment, 1riskmanagement
posted by Dwaine at 8/01/2006
0 Comments:
Post a Comment
<< Home