Chapter 19
Ten Tips for Getting Upper Management Buy-In
Dozens of key steps exist for obtaining the buy-in and sponsorship that you need to support your ethical hacking efforts. In this chapter, I describe the ones that I find are the most effective.
Cultivate an Ally and a Sponsor
Selling ethical hacking and information security to management isnât something you want to tackle alone. Get an ally â preferably your direct manager or someone at that level or higher in the organization. Choose someone who understands the value of ethical hacking as well as information security in general. Although this person might not be able to speak for you directly, she can be seen as an unbiased third-party sponsor and can give you more credibility.
Donât Be a FUDdy Duddy
Sherlock Holmes said, âIt is a capital mistake to theorize before one has data.â To make a good case for information security and the need for ethical hacking, support your case with relevant data. However, donât blow stuff out of proportion for the sake of stirring up fear, uncertainty, and doubt (FUD). Managers worth their salt can see right through that. Focus on educating management with practical advice. Rational fears proportional to the threat are fine. Just donât take the Chicken Little route, claiming that the sky is falling with everything all the time.
Demonstrate How the Organization Canât Afford to Be Hacked
Show how dependent the organization is on its information systems. Create what-if scenarios ...
Get Hacking For Dummies, 4th Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
