720-891-1663

 

Sadly, there are times when a prophet is not accepted in his own country. This happens to many a competent professional. Generally, no one knows the IT security environment better than the resident security engineers. However, if you find it difficult to obtain sufficient funding or support from management to implement the solutions needed, you might have to look outside the organization for assistance.

Experience has shown that the key to any successful venture is communications. Keeping management informed of the current state of security is critical. This can be accomplished by having recurring or at least periodic management reports to the executive levels. These reports need to be timely, informative, focused on the risks to the business and easy to understand. If the report is too technical or lengthy its effectiveness will be diminished. Management support is essential so whenever the security program is in question, a professional and competent communication from the security team will realize desired results.

There will be times when outside assistance for an information security assessment will be required. Outside firms are afforded the opportunity to observe good and bad security programs. They are able to bring a level of insight that the resident security group might not have the opportunity to see. They also have a wider view of business models to compare your business enterprise to.

Look for a firm that uses cyber security professionals to do the assessment as opposed to financial experts who are just filling out questionaires. ISACA is well known as an audit firm, but usually the personnel doing the assessment have no real depth of knowledge re: cyber security or your systems and issues. When a problem is discovered, you want someone you can talk to about real options and solutions.

 
z z