Building C-Level Confidence with a Security Blueprint
by Samir Kapuria - Managing Director of Symantec Advisory Consulting Services - Tuesday, 21 October 2008.
IT professionals wear many hats these days. Not only are they charged with keeping the lights on, they must establish and maintain a defined security posture, ensure compliance with a long list of regulations, while also aligning IT operations with the organizationís broader strategic goals.

In addition, IT executives must find a way to communicate the business value of IT and risk to various business leaders within the organization. In order to do so, they must have an understanding of the organizational structure which supports corporate IT risk management, measures and enhances capability, and can communicate IT risk in business terms. Currently, organizations are deploying a number of strategies and frameworks to assess their organizationís risk and security posture Ė everything from ISO to COBIT. While these frameworks are often helpful, they generally provide information that is most relevant and specific to security professionals and IT risk champions.

An enterprise organization also needs to fill the gap between IT and business, a comprehensive Ďsecurity blueprintí which enables an organization to evaluate their IT security posture and allows them to communicate the current state back to business leaders. Using such a methodology allows security and IT professionals to evaluate the maturity of security program capabilities, identify areas of strength and opportunities for improvement, recommend an action plan, and communicate the overall security posture and plan of action with executive management. A security blueprint gives IT the tools to engage senior management, business stakeholders, and technical owners, and provides a roadmap for achieving goals.


Critical bug found in Cisco ASA products, attackers are scanning for affected devices

Several Cisco ASA products - appliances, firewalls, switches, routers, and security modules - have been found sporting a flaw that can ultimately lead to remote code execution by attackers.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Fri, Feb 12th