Building C-Level Confidence with a Security Blueprint
by Samir Kapuria - Managing Director of Symantec Advisory Consulting Services - Tuesday, 21 October 2008.
IT professionals wear many hats these days. Not only are they charged with keeping the lights on, they must establish and maintain a defined security posture, ensure compliance with a long list of regulations, while also aligning IT operations with the organizationís broader strategic goals.

In addition, IT executives must find a way to communicate the business value of IT and risk to various business leaders within the organization. In order to do so, they must have an understanding of the organizational structure which supports corporate IT risk management, measures and enhances capability, and can communicate IT risk in business terms. Currently, organizations are deploying a number of strategies and frameworks to assess their organizationís risk and security posture Ė everything from ISO to COBIT. While these frameworks are often helpful, they generally provide information that is most relevant and specific to security professionals and IT risk champions.

An enterprise organization also needs to fill the gap between IT and business, a comprehensive Ďsecurity blueprintí which enables an organization to evaluate their IT security posture and allows them to communicate the current state back to business leaders. Using such a methodology allows security and IT professionals to evaluate the maturity of security program capabilities, identify areas of strength and opportunities for improvement, recommend an action plan, and communicate the overall security posture and plan of action with executive management. A security blueprint gives IT the tools to engage senior management, business stakeholders, and technical owners, and provides a roadmap for achieving goals.

Spotlight

Intentional backdoors in iOS devices uncovered

Posted on 22 July 2014.  |  A researcher has revealed that Apple has equipped its mobile iOS with several undocumented features that can be used by attackers and law enforcement to access the sensitive data contained on the devices running it.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Tue, Jul 22nd
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //