Bookmark and Share

Creating a Dynamic and Actionable Information Security Plan

An effective security plan follows where the business is going, a consensus that was reached by everyone at Phani Dasari’s roundtable. As the business changes, security has to follow suit. Security executives also need to seek support and buy-in from the board in order for a security plan to flourish and thrive throughout the business. As security executives pitch new projects to the board, they can bring a clear understanding of the risks these projects seek to mitigate, so the board will be more amenable to allotting the proper budget to achieve them. The group also discussed how executives can ensure that their business is cyber ready, deciding that working with SOC members who can identify and fill in security gaps within applications and the organization is a great way to start. Executives can also make security mindfulness a part of the business culture, not just by training employees but also by making security a part of their personal lives. If employees are given the tools to protect their devices both at work and at home, then they are more liable to permanently adopt better security behaviors. Finally, it is wise for executives to build a crisis management plan ahead of time and constantly test its effectiveness, so that when real crises happen, they and their security teams are prepared to handle them.