Posted by ed_maverick in Information Security
Given the growing importance of information and data for organizations worldwide, one would think that its protectors would be given sufficient power, if not the proverbial free hand, to implement necessary security measures. We say this because Information Security professionals already have the humongous task of protecting the organization’s information assets against a plethora of threats. Moreover, the nature of the field is such that they have to keep themselves updated with the latest trends, technologies, certifications, etc. Is it, then, justified to pile on the burden of convincing the Senior Management and Board of Directors (who are already aware of these issues and understand their importance) to implement new security measures? Is it? Of course, the real-world scenario is much more complex, and implementing such a structure might not be feasible. All we are saying is: give your soldiers some room to breathe. While organizations are waking up to this reality, we hope that they don’t take too long.
While assigning the Information Security function an autonomous status may be delayed, CISOs have to do their job, and the only way through is through the gates of the Management. It is no surprise, then, that most CISOs are also good salesmen. They have learnt the ropes of the trade and have a few tricks up their sleeves. In the article linked below, Mr. Venkatesh Subramaniam, CISO, Idea Cellular Ltd., speaks of his art of dealing with the Management. He presents some really good insights on how he keeps business aligned with the Information Security function, which is not an easy task.
Disclosure: Mr. Venkatesh Subramaniam, CISO Idea Cellular Ltd., is a friend and our mentor.