Saahil Goel Information Security Awareness Amongst Top Management

Saahil Goel | Critical IS Management Issue

Upload: saahil-goel

Post on 14-May-2015


Category: Technology



TRANSCRIPT

Page 1: Saahil Goel Information Security Awareness Amongst Top Management

Saahil Goel | Critical IS Management Issue

Page 2: Saahil Goel Information Security Awareness Amongst Top Management

Not enough awareness about information security

Communication gap between security professionals and management

Management views security as a sunk cost

Information may not be available in an understandable form

Management takes a reactive rather than proactive approach to IS Security

Page 3: Saahil Goel Information Security Awareness Amongst Top Management

IS Security can save organization from:

Loss of customer trust

Bankruptcy

Lawsuits

Loss of competitive advantage

Breach of sensitive data

Page 4: Saahil Goel Information Security Awareness Amongst Top Management

IS Security can help organization:

Improve processes

Increase efficiency

Reduce costs

Improve employee/customer satisfaction

Generate additional revenue

Page 5: Saahil Goel Information Security Awareness Amongst Top Management

Top Management Buy In

Understand cost savings

Develop material which management can understand

Develop tools for measurement of IS Security spend and return

Page 6: Saahil Goel Information Security Awareness Amongst Top Management

Employee Training

Internal threat: most dangerous (intentional & unintentional)

Mandatory internal training and certification

Create culture where IS Security is part of the DNA of organization

IS Security knowledge to be made mandatory for all departments in an organization

Make employees understand their position in the IS Security strategy of a company

Page 7: Saahil Goel Information Security Awareness Amongst Top Management

Stringent Security Policies

Tools are available

Enforcement needs to be beefed up

Intrusion Detection Systems and Auditing

IDS: specific documentation of steps, roles and responsibilities in case of a breach

Auditing

Specific reports to be generated – failed logins, distinct logins from single machine, etc.

Increase productivity and identify trouble-makers

Check how well awareness has spread

Measure security breach readiness within a company
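
The two audit reports named on this slide (failed logins, distinct logins from a single machine) can be generated directly from authentication logs. The sketch below is an added example, not part of the original slides: it assumes OpenSSH-style `sshd` log lines, reads "distinct logins" as distinct account names tried from one source address, and uses constructed sample lines and hypothetical thresholds.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in OpenSSH sshd format (not taken from the slides).
SAMPLE_LOG = """\
May 14 09:01:12 srv1 sshd[811]: Failed password for alice from 10.0.0.5 port 50122 ssh2
May 14 09:01:15 srv1 sshd[811]: Failed password for alice from 10.0.0.5 port 50122 ssh2
May 14 09:01:20 srv1 sshd[811]: Accepted password for alice from 10.0.0.5 port 50122 ssh2
May 14 09:03:02 srv1 sshd[840]: Failed password for invalid user admin from 10.0.0.9 port 40110 ssh2
May 14 09:03:05 srv1 sshd[841]: Failed password for bob from 10.0.0.9 port 40112 ssh2
May 14 09:03:09 srv1 sshd[842]: Failed password for carol from 10.0.0.9 port 40114 ssh2
May 14 09:04:00 srv1 sshd[850]: Accepted publickey for bob from 10.0.0.7 port 51000 ssh2
May 14 09:05:00 srv1 CRON[900]: pam_unix(cron:session): session opened for user root
"""

# Matches both failed and accepted sshd authentication events.
LINE_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) \S+ for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)

def audit_report(log_text, fail_threshold=2, distinct_threshold=3):
    """Build the two reports; both thresholds are hypothetical defaults."""
    failed = Counter()                  # account -> failed attempts
    users_by_src = defaultdict(set)     # source address -> accounts tried
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue                    # not an sshd login event
        users_by_src[m["src"]].add(m["user"])
        if m["result"] == "Failed":
            failed[m["user"]] += 1
    return {
        # Accounts with repeated failed logins.
        "failed_logins": {u: n for u, n in failed.items() if n >= fail_threshold},
        # Machines from which many distinct accounts were tried.
        "multi_account_sources": {
            s: sorted(u) for s, u in users_by_src.items()
            if len(u) >= distinct_threshold
        },
    }

if __name__ == "__main__":
    for name, rows in audit_report(SAMPLE_LOG).items():
        print(name, rows)
```
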