Management of Information Security — Coaching for the CEO/COO/CFO and every Employee.
It has been said, learn the ways of your enemy; learn them better than you know their own. The world plays checkers, you need to start playing chess.
When you step into the office of someone who worked their way to the top, someone whose job role is to keep the company profitable, the last thing they want to do is part with its money. One bad quarter will sink a senior executive these days. They don’t want to gamble with the company’s assets.
The approach is simple: Senior Executives need to realize that the center of their business is their digital assets. The protections on the digital perimeter are just as important as keeping the financial systems updated or the check book in a safe place.
Our advice for senior executives is to lead the conversation. Establish a great rapport with the people in your organization who can help protect the company’s assets. Which means every employee! Stop being the nerdy anti-social manager or technician that doesn’t want to be bothered. People are going to treat you the way you present yourself; they’re going to use what you give them. (You’re going to learn a lot of this when we start going over Social Engineering attacks in future blogs.)
For employees, especially IT members, learn how to be a business person. An executive that cares about protecting the company’s digital assets. If your end goal is the CXO office or running a company of your own, get a head start. Get into the meetings about Security, even if they bore you. This is a hack of knowledge. Everything is a hack of something. Get the information you need, put the picture together. Minimize your risk and your company’s risk.
Be able to explain how a wonderful new Intrusion Detection System is going to reduce your man hours. Explain how much overtime won’t need to be spent reviewing logs when you can correlate them in one spot. Explain how this is going to reduce your cyber liability premiums. Explain that demonstrating and implementing security measures is going to save them millions in court should anything ever get litigated. Explain the negative impacts of press coverage. A breach could impact bonuses.
These are the things that are important to the companies and their shareholders (whether a private or public company). A $100,000 incident response and logging system is just gibberish to someone who only cares about numbers. It’s expensive, it’s big and it’s likely a few thousand shares of common stock.
When you start talking Executive language, and Executives start communicating with employees about protecting digital assets, you can control your company’s risk and the resulting losses from a hack. For more information, feel free to reach out to Vince Sutera at email@example.com or call him at 732–841–6210.
Collaboration of Ken Pyle and Vince Sutera