1. Demand Executive Support
This may not be easy; however, you will have to get the Board of Directors, the CEO, CFO,
CIO, etc., all top-level executives, to agree that, fiduciarily, the right thing to do to avoid a breach
is to have an annual budget, that training of all employees is important, that a corporate
security policy is a must-have, and on how the corporation will react if and when a breach actually
does happen.
Steps involved:
1) Schedule a meeting with key executives (Board Members, CEO, CFO, CIO, etc.) and
explain that you want to share a way to dramatically reduce the risk of the
corporation suffering a major outage, fines, penalties, lawsuits, business disruption
and possibly going out of business. That will get their attention.
2) Present the typical costs of a breach and why you think your organization is at risk.
Try to cover what you think your organization is missing from my 7 Offensive
Security Secrets – funding, training, frequently tested backups, corporate security
plan, fuel for the backup diesel generator, corporate-wide encryption, etc.
Whatever infosec gaps and related issues are on your mind should be
presented in an organized and thoughtful fashion.
If you could sum up the costs in people/time/money that you need vs. the cost of a
breach, you'll probably find that your requests are 1/10th or less of the cost of a
breach.
3) Explain that this is an ongoing process and that you'd like to document the steps being taken and
the results at a mutually agreeable frequency, and then schedule your first follow-up
meeting with them to present the ongoing risk-reducing results.
Cyber Warnings E-Magazine – August 2016 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide