Information Security: Does your CEO know?
June 27th, 2013 by Melanie Watson
It has become apparent to us when speaking to our customer base (made up largely of CIOs, CTOs, CISOs and anyone involved with an organisation’s information and/or IT systems) that many CEOs have no idea about how to secure their information assets.
So if you want to raise an information security risk issue or ask for a project to be signed off, your CEO is either nodding blindly to something they know little about, or is being extra difficult in terms of agreeing with you. Neither of these options is good news, especially when your organisation’s reputation, finances and information are at stake. If only your CEO knew…
The question you’ve probably asked yourself a million times is: ‘How do I sell information security to the Board?’
You need to build a business case that informs and convinces the Board and gets it to back your plans, so that the project succeeds and is rolled out across the whole organisation. Alan Calder (a CEO who actually understands the importance of information security) has written a handy pocket guide (aptly named Selling information security to the Board) that will help you persuade Board members to commit to your information security initiatives.
Information security is an integral part of your business and should be recognised as such by staff and Board members alike. ISO 27001, the international information security standard, is known as the standard to which you align your information security management system. But getting buy-in for this project can be equally challenging.
IT Governance provides the support and guidance you need for delivering your ISO 27001 and information security projects, working to a budget and timescale that suits you.
IT Governance is the one-stop shop for ISO 27001. We publish books and documentation toolkits, deliver industry-leading training courses (public and in-house), and have end-to-end consultancy support that can be tailored to your specific needs.