How Will This Affect Operations?
While certain security tools, technologies, and processes will be essential to risk mitigation, just about every veteran security manager knows they can come at the price of convenience and productivity. How should this be explained to management? Be prepared to make a convincing case when asked why certain sacrifices may be needed.
"If security controls impact the ability to realize business goals, they likely won’t be supported," Hamm says. "It’s important to tie the risk with the acceptance of some productivity hurdles. That said, if your control proposal is to 'stop all risk,' you’re going to have a bad time. Think guardrails, not roadblocks, when pitching controls to the business."
(Continued on next page)