Your board reads the news, watches the headlines... so as the economy once again destabilizes, and it's time to dig in for another possible rough ride - is Anonymous and the hacking epidemic the pink elephant in your board room?
Face it, many of you have been trying to make Information Security a board-level priority since you took your positions, but it's been an uphill battle the whole way - then came the hacking calamity seemingly breaking into everything, stealing and pillaging like an invading horde.
You saw your chance... but then came the economic double-dip and talk of a deeper second recession... now what?
As company boards discuss their strategies for the survival of your organization, are you discussing your security? If not - what's holding you back?
The recent rash of hacking should have been enough to scare any board-level executive into paying attention to the security guy begging to be heard... so why are so many information security professionals still having such a difficult time?
The answer may lie partially with apathy, and partially with the way you present your case. I was once told by a very wise man, "if the answer was no, you simply didn't ask the right question"... too true.
I find many security practitioners are still lacking the communication and business skills to drive security into the board room effectively. While we're articulating the threat in terms we can understand, your board-level executives aren't hearing you, or worse - you're not making any sense.
The reason I think Anonymous may be the big pink elephant in may board rooms right now is that while everyone knows the threat is present, the danger imminent, and the damage catastrophic - we can't seem to make "doing something about it" make business sense.
We need better language, better ways of articulating our points, and a better grasp of the business logic that drives the board-level decisions.
I fear if we miss this opportunity, it'll be gone for good, and the catastrophic results of ignoring security that many organizations are feeling right now will simply fade into the white noise of doing business... and we'll go back to grumbling that no one cares.
What are you doing to shine a spotlight on the big pink elephant in your board room? Are you taking advantage of this opportunity to decrease corporate exposure and risk? Or are you still chasing vulnerabilities?
Cross-posted from Following the White Rabbit
Help Support Infosec Island by Tweeting and Stumbling our Articles - Thanks!