Chapter 3. Interfacing with the Organization
IN THIS CHAPTER
Understanding how security fits within an organization
Determining a methodology for implementing enterprise security
Identifying core areas of focus for security
Knowing the key questions and information that must be provided to executives
Many organizations have security policies, security teams, and security budgets, but that is not enough for an organization to be secure. Most organizations that have had security incidents had policies, budgets, and security personnel in place; however, they did not have security integrated within the organization and mapped to risk. Managing and controlling the risk to critical information and communicating this to executives is a critical part of a successful security program.
This chapter defines an enterprise methodology that can be used for managing security within an organization. Security cannot succeed without buy-in from the executives, and executives cannot give that buy-in unless they understand the risks present in their organization. Therefore, once the methodology is defined, the chapter lists the key questions every manager must be able to answer, together with appropriate responses.
An Enterprise Security Methodology
"What actions should I take to improve security?" "How much should I spend on security?"
These are common questions all CEOs, presidents, and CFOs ask themselves in these vulnerable times.
How to address security is confounded by a number of confusing and ironic aspects ...