Execs Share Tips on Communicating Security Investments
Communicating the importance of security investments to top business executives is hard to do when you can't assign a ready number to a loss that was prevented.
By Michael Goldberg
September 06, 2006
—
CSO
—
Communicating the importance of security investments to top business executives is hard to do when you can’t assign a ready number to a loss that was prevented.
Four security practitioners shared a few tips for doing so at The Security Standard conference in Boston: Scott Blake, CISO of Liberty Mutual Insurance Group; Tom Bowers, manager of information security operations at a large drug maker; Jeff Platon, vice president of security marketing at Cisco Systems; and John Schramm, senior VP of enterprise information security at Fidelity Investments.
Among their suggestions:
• Keep it real. Use examples from your business to make your points about the need for security investments.
• Use examples from media reports, too. The idea is to communicate through these examples the fallout from security incidents. And discuss how you are addressing such risks at your company.
• Make security investments relevant to business strategy. Project your recommendations about security investments through the lens of your organization’s priorities.
* Follow the rules. Compliance with government regulations is a risk management issue. Security executives need to communicate clearly about compliance-related security investments and what failing to comply could mean for a company and its top executives.
Keep checking in at our Security Feed for updated news coverage.
Read more about executive communication in CSOonline's Executive Communication section.
ESSENTIAL READING
Expert advice and resources for communicating effectively with CEOs and other executives
9 secrets of getting stuff done in big companies
Leading CSOs and CISOs on how to get budget approval and followthrough on security initiatives
Business negotiation secrets from an FBI hostage negotiator
How to use "active listening" and other techniques for effective communication
The business value of a CSO
Connect other leaders via their common risk management concerns&and reap competitive advantage
How to manage operational risk through ERM
Risk management provides the language that connects with the boardroom
A CEO/CSO communication case study
Business communication 101 for security
- Balancing Increasing Security Requirements with Decreasing Budgets
- Gain Control of the New Threat Landscape
- Securing Your BYOD Strategy: Cisco Secure Mobility Solutions
- Securing Your BYOD Strategy: Cisco Secure Mobility Solutions
- Introduction to VMware vCenter Site Recovery Manager 5
- Reliable Disaster Protection with VMware vCenter Site Recovery Manager
- Overcome Top 7 Admin Challenges of Active Directory
- X-Ray of the PCI Process-4 Proactive Steps
- Beyond SFTP: Five Ways Secure Managed File Transfer Can Improve Your Business
- Secure Managed File Transfer: Bringing Coherence & Control to Compliance
- The TCO of FTP: Hidden Costs of "Free" File Sharing
- Streamline, Speed and Secure the Supply Chain with Managed File Transfer
- Your RSA, BSidesSF survival guide for 2012
Last year I wrote a column on how to get the most out of RSA and Security B-Sides without getting eaten alive by all the flash around you.
read more - Patch Tuesday preview, February 2012
- M86 report proves water is wet
More Salted Hash with Bill Brenner
