Tag: CISM
-
Lesson Learned from a CISO: Visualizing Information Security Priorities
At a recent security convention, I had the opportunity to meet and learn from an experienced CISO. This CISO introduced me to a simple yet powerful method for managing an information security program using a bubble chart. I want to share the insights I gained from this valuable lesson and how it can help prioritize…
-
Managing Budget Constraints in Information Security: How to Prioritize Security Controls by Timing and Impact
Introduction When prioritizing security controls, it’s important to consider both timing and impact. Prioritize by time. Prioritize by impact. Now that you have identified the security controls that have the highest potential impact on your organization if they are not implemented, it’s time to prioritize those with a medium or low impact. This can be…
-
Shifting the Conversation: How to Successfully Propose an Information Security Program Without Focusing on Cost
Introduction The first step to improving a company’s information security program is establishing a baseline of what that program looks like and where it is lacking. This means understanding the current state of your organization’s data, assessing the risk of losing that data, and identifying what could be done to prevent such a loss. However,…
-
Maximizing ROI: How to Justify an Information Security Program to Senior Management
Introduction Information security is a topic that does not always get the attention it deserves. The threat of cyber-attacks is growing, but senior management might need help understanding why implementing an information security program is necessary. This will explain how to make a business case for investing in your company’s cybersecurity. We’ll also give you some…
-
Building an Effective Information Security Program Without a Top-Down Approach: Strategies for Small and Medium-sized Organizations
Introduction Information security is a critical part of any organization’s IT infrastructure. It helps to protect the confidentiality, integrity, and availability of an organization’s data, which in turn helps to protect its reputation and brand. Despite this, many small and medium-sized organizations still lack an effective information security program. This can lead to significant financial…