CHAPTER 12: INFORMATION SECURITY GOVERNANCE
This is a much harder sell but, if the board can be brought to understand that it has a governance responsibility in respect of information security, you will have made the task of selling future information security investment proposals that much easier for yourself.
Here’s the argument:
The availability, integrity and confidentiality of its data are fundamental to the long-term survival of any 21st-century organisation. Unless the organisation takes a top-down, comprehensive and systematic approach to protecting its information, it will be vulnerable to a wide range of threats, including cyber crime and cyber terrorism, data leakage and insider attacks. These threats are a ‘clear and present danger’ ...