Bookmark and Share

Recent Posts

What Does It Take for Security to Get Management Attention?

December 17, 2013

What does it take to get management's attention, to get the higher ups to be serious about getting something done with securing systems?

I really enjoy discussing and implementing systems security. However, most of my work is focused on performance issues. Somehow performance and/or availability get all the attention of management who assign administrators time to work on something. Management doesn’t feel any "pain" in the security area—except if you fail an audit, at which time the solution is to fix the failure points enough that a "pass," is given and then everyone gets back to correcting the real (i.e., performance, availability – NOT security) issue.

For me, personally, this is very frustrating. Why? Because a company that has finally realized that something needs to be done (suffered a "security breach") will likely not be in business long enough to get anything fixed. Read any security report or attend any security conference and you will hear a common message: The odds are against the average company, which has no security policy or no real implementation of one, relying on an IT audit to spot everything in time to prevent disaster.

So, I ask you – am I crazy – or is it time security was given some love?

Your opinion counts  so tell me what you think will help to get management's attention! Are your systems secured they way they should be? Would you like to do more but there’s no time—or priority—to secure systems as part of best practice? What are your security best practices missing? Does management ignore this issue? What has gotten their attention in the past? Anything? 


Posted December 17, 2013| Permalink

Post a Comment

Note: Comments are moderated and will not appear until approved

comments powered by Disqus