[ISN] How To Talk About InfoSec To Your Board Of Directors

http://www.darkreading.com/risk/how-to-talk-about-infosec-to-your-board-of-directors/a/d-id/1251100

By Steve Durbin
Dark Reading
5/19/2014

In our global economy, the rapid evolution of technology has caused a massive shift in the information security landscape. Businesses are finding that they have more limited resources than ever before which must be prioritized to areas of greatest need or return. The task of determining priorities is difficult in itself; the imperative is delivering more for less, both in terms of new investment and existing resources.

These monumental challenges cannot be met by a compartmentalized IT strategy because every piece of the modern enterprise runs on connectivity and data. Information technology runs through every department; so must information security initiatives. Today’s chief information security officers (CISO) need to be proactive in promoting and supporting new business based on strong information security and sound business-based risk assessment.

As a result of these trends it is essential for CISOs to connect with the Board of Directors and approach technology and security initiatives with a risk vs. reward mindset. Too often new technologies are adopted as a way of differentiating to gain advantage over competitors. But without a robust, cost-benefit-risk analysis, organizations could end up standing out for all the wrong reasons.

[…]