Building C-Level Confidence with a Security Blueprint
by Samir Kapuria - Managing Director of Symantec Advisory Consulting Services - Tuesday, 21 October 2008.
IT professionals wear many hats these days. Not only are they charged with keeping the lights on, they must establish and maintain a defined security posture, ensure compliance with a long list of regulations, while also aligning IT operations with the organizationís broader strategic goals.

In addition, IT executives must find a way to communicate the business value of IT and risk to various business leaders within the organization. In order to do so, they must have an understanding of the organizational structure which supports corporate IT risk management, measures and enhances capability, and can communicate IT risk in business terms. Currently, organizations are deploying a number of strategies and frameworks to assess their organizationís risk and security posture Ė everything from ISO to COBIT. While these frameworks are often helpful, they generally provide information that is most relevant and specific to security professionals and IT risk champions.

An enterprise organization also needs to fill the gap between IT and business, a comprehensive Ďsecurity blueprintí which enables an organization to evaluate their IT security posture and allows them to communicate the current state back to business leaders. Using such a methodology allows security and IT professionals to evaluate the maturity of security program capabilities, identify areas of strength and opportunities for improvement, recommend an action plan, and communicate the overall security posture and plan of action with executive management. A security blueprint gives IT the tools to engage senior management, business stakeholders, and technical owners, and provides a roadmap for achieving goals.


The synergy of hackers and tools at the Black Hat Arsenal

Posted on 27 August 2014.  |  Tucked away from the glamour of the vendor booths and the large presentation rooms filled with rockstar sessions, was the Arsenal - a place where developers were able to present their security tools and grow their community.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.


Fri, Aug 29th