Return on Investment. Words that typically bring dread to the heart of any information security professional. Some have even gone so far as to advocate that it is a useless term in our industry given the nature of the threat environment with which we constantly live. If you look back at my last post entitled “You get nothing! You lose! Good day, Sir!” you will see a conversation that revolves around how CISOs are viewed as out of touch by their C-Level peers.
I came across an interesting article at Forbes today entitled "Cyber Security and the Danger of Ostriches in the Boardroom". The article is aimed, of course, at business leaders and attempts to highlight reasons why they need to be fully engaged in the information security dialogue.
I, of course, wholeheartedly agree with this, but let’s be realistic here. We have been trying to bridge this divide for quite some time. We have been trying to portray ourselves as friends of the business; however, we’ve (for the most part) been less than successful in our endeavors.