Cybersecurity Tip of The Day #5

Give more stakeholders within your organization some skin in the game

When building an information security program one of the biggest mistakes you can make is going at it alone. Security programs and teams are faced with extremely difficult and risk-based decisions on a fairly regular basis and it's foolish to allow the entire burden of those decisions to fall on one person or team. Information security is a business issue, therefore many business stakeholders should be involved in setting the direction of the program. Build a committee, get them involved in program decision-making, present them top organizational risks, and allow them to accept some skin in the game for securing the business. The benefits far exceed personal or programmatic risk transfer. The real purpose is to ensure organizational alignment and transparent governance.

#cybersecurity #governance #teamwork