Security Bytes

Jun 2 2011   6:45PM GMT

Tips for selling security

Marcia Savage

Selling security to business executives is never easy, especially in a slow economy. One infosec manager discussed the difficulties and offered some tips for success in a presentation at the Cornerstones of Trust 2011 conference in Foster City, Calif., Wednesday.

“Sometimes just getting heard can be difficult,” said Justin Drain, data security manager at Fremont Bank. The standard approaches — fear and compliance — have distinct limitations. “Compliance is not security,” he said. “It doesn’t go far enough.”

Security managers need to take an integrated approach that starts with building a solid case for security, including metrics, he said. They should frame security in a positive light, understand their audience and speak their language. “Be prepared to defend the obvious,” Drain said.

It’s critical that security managers be in the room when decisions are being made and options discussed, he said. “However, not all of us are far up enough in the food chain. If you can’t be there, you need an advocate or to build an advocate.”

Educating both executives and the rank and file about security is important, Drain said. “Make sure executives are so educated that they ask for security before you do.”

Cornerstones of Trust is an annual event co-hosted by the Information Systems Security Association’s Silicon Valley and San Francisco chapters and San Francisco Bay Area InfraGard.
