Top IT chiefs gave their security policy tips at the recent Infosecurity show. IT directors must frighten their chief executives into getting boardroom approval for expensive security strategies. However, if IT directors go too far they risk losing credibility, according to security managers in blue-chip firms. Speaking at last week’s Infosecurity show in London, David Lacey, head of information security and governance at the Royal Mail Group, said IT managers should be prepared to take full responsibility for security initiatives. “Business directors are actively seeking a neck to blame if things go wrong, so the personal touch is useful,” he said. “Use the fear factor selectively and objectively, but don’t cry wolf.” Lacey added that IT directors also need to convince the board that security spending is an investment rather than an overhead, because firms could use security drives to enhance brand value. Jill Trebilcock, the BBC’s head of data and information security, said IT directors needed to work harder to show the return on investment from security spending. She advised IT managers to outline where security initiatives could cut costs – for example by demonstrating that spam filters could reduce administrative overheads. Full Story
About OODA Analyst
OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.