We did not get sufficient budget for the security program...
2007-01-19 07:33:52 by RaviC in Musings on Information Security
 

Security managers often complain about the budget allocated to the security program. Is it true that senior management does not give a hoot about security? More likely than not, the security manager has not communicated the value of the security program (please refer to Mike Rothman's Pragmatic CSO, Section 4: Communicate your Value).

1. Track metrics of the security program and announce them on a regular basis. Demonstrate continuous improvement. Some examples of metrics are: effectiveness of anti-spam, effectiveness of anti-virus, effectiveness of URL blocking, etc.

2. Post relevant security news items on the company intranet portal on an ongoing basis.

3. Post a security column in your company's newsletter on an ongoing basis.

4. Impart security awareness training to employees. Don't exclude contractors; have a customized version of the training ready for them.

5. Provide employees with handouts on best information security practices.

6. When a user has a security-related issue, treat this as an opportunity to educate the user about best security practices.

7. Last but not least, communicate the value of the security program to upper management in terms of competitive benchmarks, risk mitigation and compliance status.
