Security Response

What does it take to get attention for IT initiatives in today’s enterprise? In most cases, it means making a compelling business case – and getting the right information to the right people in the right language.

IT risk management initiatives are definitely worthy of executive attention. Our economy is increasingly dependent on the Internet and IT systems, making the risks in these systems far more visible and significant than ever. But, it’s a discipline with a myriad of stakeholders: CIOs, CISOs, enterprise risk management teams, compliance and regulation staff, and internal and external auditors.

Step #1: Choose your words wisely
There are two types of CIOs – infrastructure managers and strategic thinkers. The latter will succeed with their IT risk management agenda because they speak in terms of business advantages, not outages. For example, rather than talking about a "zero day threat," consider simulating the...