CHAPTER 4: STAKEHOLDERS AND COMMUNICATION

As discussed in the previous chapter, stakeholder engagement is key to making sure that risks are addressed properly. The earlier people are involved in a security project, the easier it is to obtain their support. The same principle applies when security professionals have to be involved in other people’s projects. Andrew Martin, a director for IT risk at a global bank, shares an example of a security solution that was not successfully implemented. A company wanted to mitigate the risk of vulnerabilities in its applications being exploited and decided to deploy a code-scanning tool. This would make sure that applications are tested for exploits before they are released.

“Uptake on the use of this code-scanning ...
