« Aligning Your Awareness Program With Business Goals | Main | Defining the Value of Security During the Current Economic Downturn »

July 31, 2008


Dr Walt Foultz

I would hope this conversation has been conducted in many such enlightened organizations over the recent months. It is now obvious to every family member in every household in the US that security is a bigger concern today than at any time in our history. The impact of inadequate security is becoming more noticeable and problematic with each passing day and with every new publicized security breach.
Who the top security official should report to, will probably never be cut in stone as it could vary depending on the business or type organization being protected. I would recommend a few things to consider when making this determination however. They are:
1. How serious are you about security? Not the political words you are required to say, but are you willing to give this person and function real authority? If not, it really doesn’t matter what the reporting structure is.

2. Who in the organization has the most to lose if security fails big time? They are probably the person security should report to.

3. If you ever ask yourself what return on investment you can expect by having good security, then you are not ready to have good security. Good security may well bring in more business and keep the business you have, but a return on investment should never be the primary goal.

4. Security, especially good security is expensive. In this field you get what you pay for.

5. Lastly, I think universities offering MBA programs should alter their curricula to include a required course on security in the business environment overall, but especially information security. If we are to expect businesses to be run more effectively by MBAs, then they should be academically informed of this increasingly important business function.

Verify your Comment

Previewing your Comment

This is only a preview. Your comment has not yet been posted.

Your comment could not be posted. Error type:
Your comment has been saved. Comments are moderated and will not appear until approved by the author. Post another comment

The letters and numbers you entered did not match the image. Please try again.

As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.

Having trouble reading this image? View an alternate.


Post a comment

Comments are moderated, and will not appear until the author has approved them.

Your Information

(Name and email address are required. Email address will not be displayed with the comment.)