"What your CEO thinks about security"

(Posted by adam)
Larry Ponemon writes:
Unfortunately, CEOs have persisted in focusing on four basic questions that too often stump the most savvy IT professionals:
  • What is the security return on investment?
  • What is the probability of a catastrophic security failure?
  • What is the cost of self-insuring against security risks?
  • What are the tangible benefits of being an industry leader for security?
Unfortunately? It sounds to me like tending to fiduciary duty before spending money.

There's some great insight into CEO attitudes towards security in here. But the people who need attitude adjustment are the security experts who think that our discipline deserves special treatment and attention. We need to start answering those fundamental questions; then we can look to see budgets that are more to our liking.

(From "What your CEO thinks about security (and how to change it)," Computerworld, via Info Security News.)

Posted by adam on October 21, 2004 at 11:29 AM in Economics, Security.

Comments

I agree! Couldn't have put it better...

The sooner security people start moving over to thinking about security as a risk and reward process - where failures are good because they show us where to concentrate efforts - the more security we can deliver.

iang

Posted by: Iang | October 21, 2004 12:25 PM