An InfoSec Maturity Model for Execs & Leadership.

Why InfoSec for leadership?

As the pace of change and innovation increases, leaders need to know that they’re adequately managing their information security risks.

The problem with InfoSec models today is that they’re not strategic, instead focusing on tactical things like:

  • getting technical controls and IT in place
  • achieving a certification

The first treats information security as a technology problem and tends toward further siloing an organisation at a time when things are going the other way. The second treats it as an administrative hindrance – like paying for a license – when the actual process can be long and protracted, making it hard to understand progress.

So, how can organisational leaders trust that the technical and administrative things that they’ve delegated are working? How can you, as a leader, sleep soundly at night without becoming a technical cybersecurity expert or bogging yourself down with details?

The answer is simple – good information security is about governance, and governance is the job of an organisation’s leadership. The key is to understand how good information security manifests as valuable decision-making information.

This model outlines:

  • how to evaluate your organisation’s information security risk without being a cybersecurity or tech expert
  • how to evaluate your own organisation at the highest level
  • the role of individuals and hiring that affect overall security
  • incremental steps towards an organisation that’s operating securely, even if you’re not ready for any certification

Interested in this model? Sign up to be notified when it’s released later this month.