QOTD - Do Executives Get InfoSec?

[...] security issues have been worded in arcane language since they first came about – and this has led to the emergence of the Chief (information) Security Officer.

This means that the rest of the C-level staff can carry on as they want – cyber security is someone else's responsibility. Unfortunately, CSO staff tend to be security specialists – not business specialists, and so get in the way of business happening, with more of an approach of “don't do this”, rather than “how can we do this securely?”.

Security has to be baked in to the business – and not just at a cyber level.  Security is a business issue, and has to include how people operate; how information is used (including via telephone, paper and any other way).
-- Clive Longbottom, founder and analyst at Quocirca

Src: CEOs still don't get cyber security, study finds - SC Magazine UK

No comments: