It's often said but rarely followed: The security manager isn't accountable for security; rather, he is accountable for making sure everyone else in the company is accountable for security. In this presentation, Tom Doughty, vice president of information systems at Prudential Financial, shows you the most effective ways your security team can motivate -- rather than mandate -- security sensitivity in an organization's various lines...
of business. Doughty shares Prudential Financial's philosophy that final accountability for maintaining secure business practices belongs to the business stakeholders. You see how the organization has moved toward functional-level execution of enterprise-level control initiatives. Plus, you learn how security can be baked into business processes without incurring unwanted costs, project delays or headaches.
Download this presentation for a solid understanding of:
Read more tips and expert advice on creating a corporate culture of security
View more presentations from some of the industry's foremost security practitioners
Learn more about Information Security Decisions
- The keys to "backward planning" for security, i.e. how security professionals can advocate for their interests in terms management understands
- Why fluid controls for fluid stakeholder objectives drive business management ownership
- The difference between belief-driven execution and rule-driven execution as a control multiplier
- The value of business management and staff as intelligence gatherers for your security program
- The key difference in stakeholders' perspective of security programs versus technical risk management programs
Why C-level buy-in is not enough