http://itknowledgeexchange.techtarget.com/security-hammer-time/are-security-leaders-that-incompetent-or-is-security-simply-still-not-a-priority-within-organizations/ Andrew Weidenhamer's opinion on security and regulatory compliance related topics. Sun, 30 Sep 2012 19:04:04 +0000 hourly 1 http://itknowledgeexchange.techtarget.com/security-hammer-time/are-security-leaders-that-incompetent-or-is-security-simply-still-not-a-priority-within-organizations/#comment-20 ekardris Sun, 30 Sep 2012 19:04:04 +0000 http://itknowledgeexchange.techtarget.com/security-hammer-time/are-security-leaders-that-incompetent-or-is-security-simply-still-not-a-priority-within-organizations/#comment-20 What I’m hearing you say is that, when it comes to security, the buck stops with the managment team.  The management team sets the budget, scope and priorities for security, not the security expert.  I do find though that most technical and security experts don’t understand this.  So take on the responsibility for the security on thier own shoulders.  Almost enabling the CEO and managment teams not to be supportive.When I work with managment and technical teams, I try to identify this situation for the CEO.  Then work with the managment team to quantify business measurements for security levels.  Then hold the security team accountable for meeting those requirements.  Most security teams can handle this and after they get it, are actually relieved when managment takes ownership of the security for the organization.Thanks for the article

]]>