Security Bytes

Apr 12 2012   1:49PM GMT

The importance of using a full security threat definition

Jane Wright

How do you define a security threat? If you’re like most IT security professionals, your security threat definition is probably: “The potential occurrence of an attack against an organization’s infrastructure and assets.”

If this were a pop quiz, you could get half credit for that answer. It’s partly true, but it’s not the whole answer, and it’s not the answer your executive leaders and board of directors need to hear.

Christopher Armstrong, CISO of Livermore, Calif.-based Allgress Inc., popped this quiz on the audience during a business risk session at SecureWorld last month, and almost everyone gave the IT-centric answer above. But Armstrong made a strong case for changing our perspective when we talk about security threats.

When you talk to a CEO or a board member about the threats to his or her organization, Armstrong said, there’s no need to go into great detail about the type of attack that may occur, the motivation of the attacker, etc. All he or she really wants to know is: What will it cost us? And, what’s the probability it will happen? 

Telling the CEO or the board that a widespread threat could steal your sensitive customer data isn’t likely to get you the funding you need to stop that threat. But tell them the threat could cost the organization $10 million and there’s a 50% chance it will happen, and they just may open the checkbook for you.

By looking at security projects from a board member’s perspective, as well as your own infosec perspective, you’re more likely to get the resources you need to advance your security initiatives.
