Rating: 5 out of 5 stars
5/5
Ebook68 pages1 hour
Selling Information Security to the Board: A Primer
By Alan Calder
Rating: 0 out of 5 stars
()
About this ebook
Information technology plays a fundamental role in the operations of any modern business. While the confidentiality and integrity of your organisation's information have to be protected, a business still needs to have this information readily available in order to be able to function from day to day. If you are an information security practitioner, you need to be able to sell complex and often technical solutions to boards and management teams.
Persuading the board to invest in information security measures requires sales skills. As an information security professional, you are a scientific and technical specialist; and yet you need to get your message across to people whose primary interests lie elsewhere, in turnover and overall performance. In other words, you need to develop sales and marketing skills.
This pocket guide will help you with the essential sales skills that persuade company directors to commit money and resources to your information security initiatives.
Author
Alan Calder
Alan Calder is a leading author on IT governance and information security issues. He is the CEO of GRC International Group plc, the AIM-listed company that owns IT Governance Ltd. Alan is an acknowledged international cyber security guru. He has been involved in the development of a wide range of information security management training courses that have been accredited by the International Board for IT Governance Qualifications (IBITGQ). He is a frequent media commentator on information security and IT governance issues, and has contributed articles and expert comment to a wide range of trade, national and online news outlets.
Read more from Alan Calder
ISO 22301:2019 and business continuity management - Understand how to plan, implement and enhance a business continuity management system (BCMS) IT Governance: Implementing Frameworks and Standards for the Corporate Governance of IT Rating: 4 out of 5 stars4/5Information Security Risk Management for ISO 27001/ISO 27002, third edition Rating: 4 out of 5 stars4/5ISO/IEC 38500: The IT Governance Standard Rating: 5 out of 5 stars5/5Risk Assessment for Asset Owners Rating: 4 out of 5 stars4/5Information Security Risk Management for ISO27001/ISO27002 Rating: 4 out of 5 stars4/5PCI DSS: A pocket guide, sixth edition Rating: 0 out of 5 stars0 ratingsCyber Essentials: A Pocket Guide Rating: 5 out of 5 stars5/5The Case for ISO27001:2013 Rating: 1 out of 5 stars1/5EU GDPR - A pocket guide, second edition Rating: 0 out of 5 stars0 ratingsIT Governance: A Pocket Guide Rating: 3 out of 5 stars3/5Cyber Essentials: A guide to the Cyber Essentials and Cyber Essentials Plus certifications Rating: 0 out of 5 stars0 ratingsPCI DSS: A Pocket Guide Rating: 2 out of 5 stars2/5ISO 27001/ISO 27002: A guide to information security management systems Rating: 0 out of 5 stars0 ratingsPCI DSS: A Pocket Guide, fourth edition Rating: 0 out of 5 stars0 ratingsCompliance for Green IT: A Pocket Guide Rating: 5 out of 5 stars5/5The EU Data Protection Code of Conduct for Cloud Service Providers: A guide to compliance Rating: 0 out of 5 stars0 ratingsNetwork and Information Systems (NIS) Regulations - A pocket guide for operators of essential services Rating: 0 out of 5 stars0 ratingsNetwork and Information Systems (NIS) Regulations - A pocket guide for digital service providers Rating: 0 out of 5 stars0 ratingsIT Governance Critical Issues Series: Cyber Security Rating: 0 out of 5 stars0 ratingsNine Steps to Success: North American edition: An ISO 27001 Implementation Overview Rating: 0 out of 5 stars0 ratingsThe Green Agenda: A Business Guide Rating: 0 out of 5 stars0 ratingsA concise introduction to the NIS Directive: A pocket guide for digital service providers Rating: 0 out of 5 stars0 ratingsIT Regulatory Compliance in the UK Rating: 0 out of 5 stars0 ratingsThe Green Office: A Business Guide Rating: 0 out of 5 stars0 ratingsPCI DSS: A Pocket Guide - 3rd edition Rating: 0 out of 5 stars0 ratings
Related to Selling Information Security to the Board
Related ebooks
Nine Steps to Success: An ISO27001:2013 Implementation Overview Rating: 1 out of 5 stars1/5The Case for ISO27001:2013 Rating: 1 out of 5 stars1/5Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors Rating: 0 out of 5 stars0 ratingsThe Human Fix to Human Risk: 5 Steps to Fostering a Culture of Cyber Security Awareness Rating: 0 out of 5 stars0 ratingsInformation Security Breaches: Avoidance and Treatment based on ISO27001 Rating: 0 out of 5 stars0 ratingsInformation Security Auditor: Careers in information security Rating: 0 out of 5 stars0 ratingsThe Chief Information Security Officer: Insights, tools and survival skills Rating: 1 out of 5 stars1/5Infosec Management Fundamentals Rating: 5 out of 5 stars5/5Getting an Information Security Job For Dummies Rating: 0 out of 5 stars0 ratingsInformation Security Governance: A Practical Development and Implementation Approach Rating: 0 out of 5 stars0 ratingsInformation Security A Practical Guide: Bridging the gap between IT and management Rating: 5 out of 5 stars5/5Cyber Intelligence-Driven Risk: How to Build and Use Cyber Intelligence for Business Risk Decisions Rating: 0 out of 5 stars0 ratingsCertified Cybersecurity Compliance Professional Rating: 5 out of 5 stars5/5Building an Information Security Awareness Program: Defending Against Social Engineering and Technical Threats Rating: 0 out of 5 stars0 ratingsIT Induction and Information Security Awareness: A Pocket Guide Rating: 0 out of 5 stars0 ratingsAsset Security: CISSP, #2 Rating: 0 out of 5 stars0 ratingsThe Insider Threat: Combatting the Enemy Within Rating: 0 out of 5 stars0 ratingsAn Introduction to Information Security and ISO27001:2013: A Pocket Guide Rating: 4 out of 5 stars4/5Information Security Risk Management for ISO27001/ISO27002 Rating: 4 out of 5 stars4/5The Psychology of Information Security: Resolving conflicts between security compliance and human behaviour Rating: 5 out of 5 stars5/5CISA Certified Information Systems Auditor Study Guide Rating: 5 out of 5 stars5/5Cyber Security Awareness for CEOs and Management Rating: 2 out of 5 stars2/5PCI DSS: A Pocket Guide, fourth edition Rating: 0 out of 5 stars0 ratingsSecurity Leader Insights for Success: Lessons and Strategies from Leading Security Professionals Rating: 0 out of 5 stars0 ratingsCyber Essentials: A Pocket Guide Rating: 5 out of 5 stars5/5Security Leader Insights for Effective Management: Lessons and Strategies from Leading Security Professionals Rating: 0 out of 5 stars0 ratingsSecurity and Risk Management: CISSP, #1 Rating: 5 out of 5 stars5/5Risk Management and Information Systems Control Rating: 5 out of 5 stars5/5Cyber Resilience: Defence-in-depth principles Rating: 0 out of 5 stars0 ratings8 Steps to Better Security: A Simple Cyber Resilience Guide for Business Rating: 0 out of 5 stars0 ratings
Computers For You
The Mega Box: The Ultimate Guide to the Best Free Resources on the Internet Rating: 4 out of 5 stars4/5Mastering ChatGPT: 21 Prompts Templates for Effortless Writing Rating: 5 out of 5 stars5/5Procreate for Beginners: Introduction to Procreate for Drawing and Illustrating on the iPad Rating: 0 out of 5 stars0 ratingsStorytelling with Data: Let's Practice! Rating: 4 out of 5 stars4/5Quantum Computing For Dummies Rating: 0 out of 5 stars0 ratingsThe ChatGPT Millionaire Handbook: Make Money Online With the Power of AI Technology Rating: 0 out of 5 stars0 ratingsTor and the Dark Art of Anonymity Rating: 5 out of 5 stars5/5AWS Certified Cloud Practitioner All-in-One Exam Guide (Exam CLF-C01) Rating: 5 out of 5 stars5/5SQL QuickStart Guide: The Simplified Beginner's Guide to Managing, Analyzing, and Manipulating Data With SQL Rating: 4 out of 5 stars4/5CompTIA Security+ Get Certified Get Ahead: SY0-701 Study Guide Rating: 5 out of 5 stars5/5Deep Search: How to Explore the Internet More Effectively Rating: 5 out of 5 stars5/5Artificial Intelligence: The Complete Beginner’s Guide to the Future of A.I. Rating: 4 out of 5 stars4/5Grokking Algorithms: An illustrated guide for programmers and other curious people Rating: 4 out of 5 stars4/5101 Awesome Builds: Minecraft® Secrets from the World's Greatest Crafters Rating: 4 out of 5 stars4/5Practical Lock Picking: A Physical Penetration Tester's Training Guide Rating: 5 out of 5 stars5/5Learning the Chess Openings Rating: 5 out of 5 stars5/5Everybody Lies: Big Data, New Data, and What the Internet Can Tell Us About Who We Really Are Rating: 4 out of 5 stars4/5AP® Computer Science Principles Crash Course Rating: 0 out of 5 stars0 ratingsCompTIA Security+ Practice Questions Rating: 2 out of 5 stars2/5Elon Musk Rating: 4 out of 5 stars4/5Ultimate Guide to Mastering Command Blocks!: Minecraft Keys to Unlocking Secret Commands Rating: 5 out of 5 stars5/5User Friendly: How the Hidden Rules of Design Are Changing the Way We Live, Work, and Play Rating: 4 out of 5 stars4/5CompTIA IT Fundamentals (ITF+) Study Guide: Exam FC0-U61 Rating: 0 out of 5 stars0 ratingsThe Professional Voiceover Handbook: Voiceover training, #1 Rating: 5 out of 5 stars5/5
Related podcast episodes
cybersecurity maturity model certification (CMMC) (noun) [Word Notes] 0% found this document usefulIs enhanced hardware security the answer to ransomware? [CyberWire-X] 100% found this document usefulThe Foolproof Way To Pass The CIPPE Exam In 2 Weeks 0% found this document usefulCybersecurity Trends and Practices 0% found this document usefulCybersecurity and Hacking with Kevin Mitnick 0% found this document usefulCyber Resiliency with Sounil Yu 0% found this document usefulCyberWire Pro Interview Selects: Jaclyn Miller from NTT, Ltd. 0% found this document usefulHow To Overcome Challenges Every DPO Faces 0% found this document usefulGreat Minds Think Differently: Neurodiversity and Vulnerability in Leadership 0% found this document useful
Related articles
“DORA Is A Force For Good And Will Help Businesses To Make Better Decisions, Faster” PC Pro MagazineArticle
“DORA Is A Force For Good And Will Help Businesses To Make Better Decisions, Faster”
Apr 10, 2022
6 min readWhy Leaders Need To Take A Risk-based Approach To Data Security NZBusiness and ManagementArticle
Why Leaders Need To Take A Risk-based Approach To Data Security
Jul 21, 2021
5 min readCybersecurity Firm Fireeye Says Was Hacked By Nation State TechLife NewsArticle
Cybersecurity Firm Fireeye Says Was Hacked By Nation State
Dec 12, 2020
3 min readCyber Security IS A SHARED RESPONSIBILITY AT THE C-LEVEL Inc.Article
Cyber Security IS A SHARED RESPONSIBILITY AT THE C-LEVEL
Sep 21, 2016
Data breaches can have far-reaching repercussions; protecting against them is a companywide mandate
2 min readTop Eight Cybersecurity Predictions For 2022-23 NZBusiness and ManagementArticle
Top Eight Cybersecurity Predictions For 2022-23
Jul 20, 2022
3 min readFive Lessons Of Cybersecurity The Public Sector Can Offer The European Business ReviewArticle
Five Lessons Of Cybersecurity The Public Sector Can Offer
Jun 1, 2022
15 min readArtificial Intelligence: The Next Step for Cybersecurity Cannabis & Tech TodayArticle
Artificial Intelligence: The Next Step for Cybersecurity
Apr 1, 2019
3 min readCybersecurity: It Might Be The Small Stuff That Gets You NZBusiness and ManagementArticle
Cybersecurity: It Might Be The Small Stuff That Gets You
Jan 16, 2020
2 min readVulnerability Assessments PC Pro MagazineArticle
Vulnerability Assessments
Jan 7, 2021
3 min readCybersecurity Courses Ramp Up Amid Shortage Of Professionals AppleMagazineArticle
Cybersecurity Courses Ramp Up Amid Shortage Of Professionals
Jun 17, 2022
7 min readCOVID-19 and Cybersecurity Beijing ReviewArticle
COVID-19 and Cybersecurity
Jun 4, 2020
4 min readData Compliance Checklist MarketingArticle
Data Compliance Checklist
May 15, 2019
People had a lot to say about Google’s January AU$80 million fine for breaching the General Data Protection Regulation (GDPR) – and rightly so. It was the first time a tech giant suffered a financial penalty under the GDPR. The fine served as a signa
3 min readData Security Standards Linux FormatArticle
Data Security Standards
Aug 24, 2021
A lot of engineers like to rail against standards as pointless box-checking and in some cases they are. Especially when it comes to things like PCI-DSS. Fundamentally, any engineer can look at PCI-DSS and say honestly that it’s obvious, and that all
1 min readEverything You May Have Wanted to Know About Ethical/Whitehat Hackers TechfastlyArticle
Everything You May Have Wanted to Know About Ethical/Whitehat Hackers
Oct 21, 2020
5 min readStates At Disadvantage In Race To Recruit Cybersecurity Pros AppleMagazineArticle
States At Disadvantage In Race To Recruit Cybersecurity Pros
Oct 1, 2021
4 min readHow to Protect Your Small Business Against a Cyber Attack EntrepreneurArticle
How to Protect Your Small Business Against a Cyber Attack
Feb 1, 2013
8 min readDedicated Cybersecurity Committees NZBusiness and ManagementArticle
Dedicated Cybersecurity Committees
Apr 25, 2021
By 2025, 40 percent of boards will have a dedicated cybersecurity committee overseen by a qualified board member, up from less than 10 percent today, according to Gartner. This is one of several organisational changes Gartner says, in a statement, th
1 min readAct, Don't React: A Leader's Guide to Cybersecurity Rotman ManagementArticle
Act, Don't React: A Leader's Guide to Cybersecurity
Sep 1, 2019
9 min readTime To Get Serious About Cybersecurity NZBusiness and ManagementArticle
Time To Get Serious About Cybersecurity
Jul 21, 2021
3 min readAttacked By Cyber Criminals Saturday StarArticle
Attacked By Cyber Criminals
Jan 9, 2021
4 min readMarketers: Stop Being A Privacy Liability MarketingArticle
Marketers: Stop Being A Privacy Liability
Jun 6, 2018
Trustworthiness begets a positive customer experience. As a marketer, you intuitively know that having a trustworthy brand is important. Consumers today are also increasingly aware of the value of their personal data. As a result, brands can no longe
2 min readStarting a Successful Home Security Company: Step-By-Step Guide Home Business MagazineArticle
Starting a Successful Home Security Company: Step-By-Step Guide
Mar 30, 2023
4 min readExpert Advice: How to Up Your Cyber Security EntrepreneurArticle
Expert Advice: How to Up Your Cyber Security
Feb 1, 2015
2 min readSensing From Within: The Insight-Driven Organization Rotman ManagementArticle
Sensing From Within: The Insight-Driven Organization
Sep 1, 2019
8 min readFive Easy Privacy Mistakes Leaders Make NZBusiness and ManagementArticle
Five Easy Privacy Mistakes Leaders Make
Apr 18, 2023
2 min readThe Gold Standard MarketingArticle
The Gold Standard
Jun 6, 2018
9 min readNext Phase Of Digital Business Revolution Set To Be Driven By Companies That Adopt Tech At Its Core Business TodayArticle
Next Phase Of Digital Business Revolution Set To Be Driven By Companies That Adopt Tech At Its Core
Feb 6, 2023
2 min readPrivacy: The Price Of Trust Inc.Article
Privacy: The Price Of Trust
Aug 17, 2021
How will cybersecurity and data privacy evolve over the next decade? We’re hearing from our customers that cybersecurity and data privacy are increasingly becoming board-level conversations. Companies will start to think about privacy, security, vend
1 min readThe Million Dollar Question The European Business ReviewArticle
The Million Dollar Question
May 22, 2018
More than a decade ago, the metaphor “data is the new oil” shook the world and left organisations scrambling for ways on how they could translate it into tangible value for their business. While others already reaped and are reaping the benefits emer
2 min readDiagnosis: We Have Pii And Ip… Now What? The European Business ReviewArticle
Diagnosis: We Have Pii And Ip… Now What?
Oct 2, 2023
5 min read
Reviews for Selling Information Security to the Board
Rating: 0 out of 5 stars
0 ratings
0 ratings0 reviews
Book preview
Selling Information Security to the Board - Alan Calder
Resources
INTRODUCTION
C-suite IT and information security executives have usually attained their responsible positions by being good at the technical aspects of their functions. Their background, schooling and higher education are mostly in science or technology disciplines. They understand information technology, they’re usually up to date with the latest threat developments, trends and risks, and they know their way around the network infrastructure. They may have a good understanding of IT-related best practice frameworks, such as ITIL®, COBIT®, PRINCE2® and ISO27001. They understand information risk.
Boards, however, across most business sectors, are mainly made up of people drawn from a wider educational background, and whose business experience is primarily in commercial operations or sales. The chief executive is almost always someone whose career includes at least a significant stint in general operations, sales or marketing. His or her primary interest is the overall performance of the business: top-line growth, customer acquisition and maintenance, new product/service development, and bottom-line progression. The second most influential person in the top team is usually the chief financial officer, or finance director, someone whose primary interest is the financial representation of the business performance.
Other senior directors are usually directly interested in their line of business or area of functional responsibility whether, for example, sales and marketing, or senior divisional roles. Non-executive board members tend also to be there for reasons other than their interest in, or awareness of, emerging technologies: it might be finance or compliance, but it is usually related more to what they can offer around customer acquisition, sales and marketing, or stakeholder management. Other than in technology businesses, few if any members of the senior management team, have a direct role or interest in IT or in IT’s role in business operations.
Information technology is fundamental to business performance today. Information and information technology has to be appropriately protected: confidentiality and integrity must be preserved, while ensuring that information and technology resources are available to those who need them to perform their roles. IT and information security requires investment – of money, time and resources – by the business. Decisions about where and how to invest business resources are made by top management, people with little awareness of, and less interest in, something about which you, the technology or security leader, may be extremely knowledgeable, and the benefits of which are, to you, as plain as the nose on your face.
The problem, in a nutshell, is that for the good of the organisation, you have to find some way of getting uninterested managers and directors to understand enough about a potential technology risk to commit money and resources to applying effective controls. This is a problem faced by sales and marketing people every day: it’s how your organisation’s products and services get (eventually) into the hands of customers.
You’re not a sales and marketing professional. You may even think that sales and marketing professionals swim in the shallow end of the relationship pool. A significant part of the senior management team is made up of people with sales and marketing backgrounds and you need to find a way of getting your message to
Enjoying the preview?
Page 1 of 1