
IDG Contributor Network: Three ways to align security programs to enterprise strategy

Discussion in 'CSO' started by RSS, May 10, 2016.


    Among challenges faced by information security teams, one of the most common is how best to align the security program with the larger business. While everyone comes together around the idea that security breaches are bad, balancing the costs of preventing them against other enterprise priorities is a trickier proposition. Unified stakeholders often diverge when forced to choose between security and other values like profitability or ease of use. It gets even harder when organizations struggle simply to agree on how risk should be defined or what acceptable security risk really means.

    Since all security programs depend upon business owners for resources, cooperation, and support, it's in every CISO and security manager's best interests to be able to translate the benefits of security into the language of enterprise strategy. That means outreach messaging designed to do more than just scare the pants off everyone. FUD tends to be a self-defeating tactic over time. The audience either grows numb to it, or begins to actively resent the security team as a "party of no!" that only exists to make life harder for everyone. When security is seen as an adversary and not a business partner, half the battle is lost.
