To get ahead, one has to be seen as a leader. What better way to get ahead than to help your boss look like a leader too? After all, she may take you in her wake as she goes up the organisation. Make sure your boss knows if there are any IT security traps in the organisation, for example software and hardware default passwords left unchanged.
Maintain an IT security calendar for your boss so that she knows when big events are occurring and is not caught out by her management when asked about them.
2. Help your boss to make IT security a board level issue
To most corporate boards, IT security is purely a function such as HR or payroll. Making them realise that IT security is an enabler of a fit business will require you to arm your boss with the necessary articles from the trade and national press which highlight the business benefits of IT security, particularly those processes which keep the organisation innovating and seen as a leader.
3. Think like a CFO
IT is an expense, but the benefits may include the reduction of real risks.
It is essential that any security implementation takes into account the cost/benefit analysis required by the CFO, to show that you are using the company's money efficiently and making effective decisions to protect the corporation as a whole. You must show a keen understanding of the potential losses vs. the costs of mitigating the losses in advance, and be able to present a business case that makes sense and has a compelling ROI compared to the status quo.
Also, consider switching the company from point-in-time compliance to a continuous compliance strategy. By doing so, there is no longer a need to prepare for an audit, since every day is audit day.
Try to embrace the findings of the auditors and show how their expensive services can be used to make the company more secure. Getting the auditors on your side, and willing to promote you and your organization's adoption of best practices, can provide top corporate level visibility. Auditors can be your friends if they know what they are doing and can point out not only problems, but also solutions that are practical. Remember that the next person the auditor speaks with will be the C-level execs as well as the CEO.
4. Improve the education of your organisation's staff
Consider doing an internal IT security bulletin for all staff with handy hints on password management, how to spot dangerous emails, etc. Ensure that management and the board know you are behind this.
Do a series of lunchtime seminars to educate the staff on IT security. These can be done on staying secure online and similar topics that could be useful to employees at home, as well as at work. If staff find your seminars useful at home they are more likely to value you.
Share your knowledge about IT security with the staff when problems arise — you could set up an intranet page which draws attention to current phishing e-mails, or the problems of shared privileged account passwords and the remedies.