Security Basics mailing list archives

Benchmarking security posture


From: ttate () ctscorp com
Date: Thu, 21 Dec 2006 1:35:21 PM+0500

I just got out of an interesting meeting with several executives (primarily in audit, finance & treasury). This was 
really the first opportunity that I have had to sit with this group and discuss infosec as a business requirement 
versus compliance requirement. So, I went into the meeting thinking it would be a session to talk about awareness of 
risks and the tenets of infosec (CIA, protect, detect, respond and recover). I had a wake-up call from this group and am 
looking to you as my peers for some help in the areas where I could use some assistance in communicating to the 
business leaders. 
Basically I came across as talking at too abstract of a level without details about security and how it affects my 
company. This was even with using specific examples of "we can pursue XYZ type of business if we have these ABC types 
of security practices in place". My question to the attendees was: what types of business do you want to be in? 
Basically, I was using the approach that security can be a business enabler and not just an insurance policy. We are a 
manufacturing company. I was also trying to get a better understanding of the types of customers we currently serve and 
what the risk is if any data from those types of business is compromised. You know the analogy that infosec is like the 
brakes on a car, they are not there to slow you down but so you can go faster. Maybe you can get better use of that 
analogy than I can ;) 
The result of this conversation was that I was told that I should know enough about the business to propose a plan that 
is benchmarked against other similarly sized organizations in the same industries. So, where this leads me then is: 
Where do I find information about infosec postures at organizations similar in size ($500M-1B in revenues) and in 
industry (manufacturing)? I know that I can ask you folks as peers and I am definitely grateful and appreciate your 
assistance, but do you have any sources where you get similar information? 
Thanks for any feedback and hope everyone has a safe and happy holiday season & may 2007 be a great year for all!! 
Regards, 
Troy Tate

