Organizations are starting to understand the security risks they must address, and as a result businesses are hiring CISOs, directors of information security, and other security professionals to address this problem. The question then becomes: where to begin?
Using the NIST Cybersecurity Framework as a baseline will clarify the security gaps and what needs to be addressed. The next step is deciding how this will be communicated to the C-Suite to obtain buy-in and, more importantly, budget.
This session will present a process for security professionals to build an information security program from the beginning, obtain buy-in from executives, facilitate a culture of security throughout the organization and communicate security posture to the executive team in their language.
Use the NIST Cybersecurity Framework as a roadmap that can include metrics to determine progress.
Develop an outline of an information security program for small and mid-size companies.
Develop business cases for security controls and solutions that will be needed to reduce cybersecurity risk.