Chapter 3. Interfacing with the Organization


  • Understanding how security fits within an organization

  • Determining a methodology for implementing enterprise security

  • Identifying core areas of focus for security

  • Knowing the key questions and information that must be provided to executives

Many organizations have security policies, security teams, and security budgets, but that is not enough for an organization to be secure. Most organizations that have had security incidents had policies, budgets, and security personnel in place; however, they did not have security integrated within the organization and mapped to risk. Managing and controlling the risk to critical information and communicating this to executives is a critical part of a successful security program.

This chapter defines an enterprise methodology that can be used for managing security within an organization. Security cannot succeed without buy-in from the executives, nor can it succeed if the executives do not understand the risks their organization faces. Therefore, once the methodology is defined, the chapter presents the key questions that every manager must be able to answer, along with appropriate responses.

An Enterprise Security Methodology

"What actions should I take to improve security?" "How much should I spend on security?"

These are common questions all CEOs, presidents, and CFOs ask themselves in these vulnerable times.

How to address security is confounded by a number of confusing and ironic aspects ...
