Skip Links

Network World

  • Social Web 
  • Email 
  • Close

Building a bridge from the CISO to the CEO

Resources to help CISOs make the case for security
Security Strategies Alert By M. E. Kabay , Network World , 05/13/2008
Sign up for this newsletter now!

Chief information security officers (CISO), security consultants and other security personnel constantly face the difficulty of reaching across a cultural divide to communicate our concerns to business leaders such as CEOs and their C-level and board colleagues. We often lack shared assumptions, concepts, terminology, and priorities; our job usually involves executive education in addition to the other two components of the acronym ATE - awareness, training and education.

Many security writers have struggled with the task of communicating our point of view to our business colleagues; readers may want to check the following essays I wrote for that purpose to see if they can be helpful:

* Implementing Computer Security: If Not Now, When? This little paper reviews key threats to information and urges managers not to wait in developing and implementing security policies. 

* Net Present Value of Information Security. Thoughts about ways of presenting information security as more than just loss-avoidance. 

* Securing Your Business in the Age of the Internet. Five pages this time to convince your bosses to pay attention to INFOSEC. 

* Security on a Budget. About 40 minutes of narrated lecture on the key elements of managing information security effectively. (Also in MP3

* What's Important for Information Security: A Manager's Guide. Yet another attempt to reach managers who are not yet interested in security. 

Much more valuable than my scattered writings is a compact little book called A Seat at the Table for CEOs and CSOs: Driving Profits, Corporate Performance & Business Agility by Jackie Bassett and Daniel Rothman and edited by Raquel Filipek. 

At 134 pages of clear, uncluttered prose, this work should be in every CISO's library - perhaps in more than one copy so that we can lend them out! The authors explore a point of view with which I know many of us will concur: that security is now a critical success factor directly related to strategic planning at the highest levels. Their insights and explanations will reach intelligent business colleagues across the spectrum of industries and even non-profits and government agencies.

Jackie Bassett, MBA, is the founder and CEO of BT Industrials. She is a business consultant with extensive experience in strategic planning and has written for SecurityInfowatch, ITAudit, and other publications as well as being a guest speaker at many events including ISACA Annual conferences.

Partner Content

Brilliantly simple security and control solutions for email, web and endpoint

www.sophos.com

Stopping data leakage

Learn how to exploit your current security investment to control the information that flows into, through and out of your network.

Download the white paper.

Why detection rates aren't enough

Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask to prospective vendors to get the right endpoint solution.

Download the white paper.

Unauthorized applications: Taking back control

Employees installing and using unauthorized applications like IM, VoIP, games and peer-to-peer file-sharing applications cause many businesses serious concern. How do you control these applications?

Download the white paper.

Comment
Login
Forgot your account info?
Add comment
Anonymous comments subject to moderator approval. Register here for member benefits.
Have a NetworkWorld account? Log in here. Register now for a free account.

Videos

rssRss Feed
Save The Date!
What They Are Saying

I think he should demand that at least one network engineer be on the jury. Very few other people would...- Anonymous

Join the Discussion