Building C-Level Confidence with a Security Blueprint
by Samir Kapuria - Managing Director of Symantec Advisory Consulting Services - Tuesday, 21 October 2008.
IT professionals wear many hats these days. Not only are they charged with keeping the lights on, they must establish and maintain a defined security posture, ensure compliance with a long list of regulations, while also aligning IT operations with the organizationís broader strategic goals.

In addition, IT executives must find a way to communicate the business value of IT and risk to various business leaders within the organization. In order to do so, they must have an understanding of the organizational structure which supports corporate IT risk management, measures and enhances capability, and can communicate IT risk in business terms. Currently, organizations are deploying a number of strategies and frameworks to assess their organizationís risk and security posture Ė everything from ISO to COBIT. While these frameworks are often helpful, they generally provide information that is most relevant and specific to security professionals and IT risk champions.

An enterprise organization also needs to fill the gap between IT and business, a comprehensive Ďsecurity blueprintí which enables an organization to evaluate their IT security posture and allows them to communicate the current state back to business leaders. Using such a methodology allows security and IT professionals to evaluate the maturity of security program capabilities, identify areas of strength and opportunities for improvement, recommend an action plan, and communicate the overall security posture and plan of action with executive management. A security blueprint gives IT the tools to engage senior management, business stakeholders, and technical owners, and provides a roadmap for achieving goals.

Spotlight

USBdriveby: Compromising computers with a $20 microcontroller

Posted on 19 December 2014.  |  Security researcher Samy Kamkar has devised a fast and easy way to compromise an unlocked computer and open a backdoor on it: a simple and cheap ($20) pre-programmed Teensy microcontroller.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  
DON'T
MISS

Fri, Dec 19th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //