Find us on
 |
 |
 |
Upcoming Events
 |
My Computer Ate My Data, Changed My Students' Grades and Stole My Money |
 |
Mobile Measurement of Behavioral and Social Health at Population Scale |
Past Programs
 |
Cyber War, Cyber Peace, Stones, and Glass Houses |
 |
Real-Time Crowd Support for People with Disabilities |
 |
Cyber Operations and National Security |
 |
CISO vs. Adversary |
An important part of ensuring our national security is the security of the nation's critical infrastructures, including the business organizations that compose them and are so important to our way of life. These organizations and infrastructures consist mainly of private or publicly-held firms, and the security of them depends centrally on the approaches that value chains/extended enterprises (groups of companies), individual firms, and decision-makers take with respect to information security and continuity planning.
There is a prevailing view at many levels in corporate America that "information security today is much like quality was twenty years ago: bolted-on, not built-in, viewed as an inhibitor of operations, and residing in a 'special' department" (Dynes 2004). This has to change and, while it is certainly a leadership issue, to a large extent it is up to the information security professionals in any enterprise to help guide corporate leadership to this change.
Information security professionals in many firms find their security initiatives hindered because of their inability to communicate effectively within the business. Simply understanding the technology and the technical risks is often not enough to generate action. Typically, this communication failure stems from an underlying lack of business education, a lack of understanding of how to change the corporate culture around security, and an inability to communicate the business case for information security.
