Boardroom strategies
Getting the message across
Advanced information security management is all about getting the boardroom to buy into and understand the security message. But how do you actually achieve this?
The message is loud and clear from information security analysts and experts around the world: security is a business enabler and this is not going to change.
The first step on the path to business enlightenment was getting information security professionals to understand that their role was fundamentally changing from IT to business. Beyond simply stopping malware and attacks, they needed to understand that doing this efficiently meant business rewards and market advantage. Hopefully, as an Inform reader, you know this. But now you have a bigger challenge: getting your voice heard in the boardroom so that the C-level understands the new security paradigm. With some good sense and planning, however, it can be done.
The first thing that needs to be said is that if you want to be taken seriously at the C-level, you need to talk their language. In the boardroom, speaking about your success dealing with malware, hacking, patching or indeed any IT security related matter is likely to be greeted with indifference. It’s not because they don’t think these things matter but because they would be surprised if you weren’t actually fulfilling these fundamentals of your job description. That’s what they pay you for, after all.
This is especially important if your message is ultimately about investing to protect the business from those trends and technologies that are radically and rapidly changing the business environment in which we operate. What they need to know is that you understand there is much more to your job and knowledge base.
You know that the business is at risk from threats that the board doesn’t yet understand: consumerisation, cloud and cyber attacks taking the form of advanced persistent threats (APT). So you need to formulate a communication strategy to get the message across that, unless they are managed with a cohesive corporate strategy and total board buy-in, they threaten to overwhelm the business.
Equally you need to be able to tell them that, properly managed, consumerisation and cloud can bring great business benefits.
The C-suite understand profit, loss, downtime, loss of customer confidence, damage to reputation and the risk position of the company. They need to know from you that these new trends threaten to impact on that position in a big way.
Inform – Issue 5 | 2011 25