In communicating your needs to upper management, it can be helpful to discuss security in terms of three distinct stages, as described here:
- Passive. At this stage, the security team and the business principals cooperatively develop the policies and guidelines needed to protect the organization’s information.
- Active. At this stage, the security team implements the technologies needed to support the Security Life Cycle: Detect, Assess, Respond, and protect. This stage typically requires the most resources.
- Integrative. At this stage, security is an integral part of business decisions. To support the organization’s business goals, existing policies are revised and new security technologies are selected.
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.