Ever wonder what approach information security managers should take to ensure their organizations’ IT infrastructures are defended from all kinds of threats? Well, ISACA has just released a list of six crucial facets of a successful IT security strategy in a report based on a global survey of executives, senior management, information security managers and staff, research directors and consultants. Surprisingly, none of these recommendations are especially technical in nature.
According to ISACA, the six keys to effective organizational IT security are:
- Senior management’s commitment to information security initiatives.
- Management’s understanding of information security issues.
- Information security planning prior to the implementation of new technologies.
- Integration between business and information security.
- Alignment of information security with the organization’s objectives.
- Executive and line management’s ownership and accountability for implementing, monitoring and reporting on information security.
The underlying theme with all of these is more effective communication on the part of IT security managers, said Sharon O’Bryan, CISA, president and CEO of O’Bryan Advisory Services Inc. and author of the ISACA report. “Certainly, one of the underlying themes through this project was the need for drastic change in the approach to educating the information security manager,” she said. “One of the realizations that came through was there’s a gap in skills, everything from knowing how to manage complex budgets to developing real business cases.
“Perhaps we are not doing the job we need to be doing to learn how to communicate…