Bruce Schneier reports on a report:

Most C-level executives view security as an operational issue — kind of like facilities management — and not as a strategic review. As such, they don’t have direct responsibility for security

Why Management Doesn’t Get IT Security, Bruce Schneier, 8 Nov 2006

Such attitudes about security have caused many organizations to distance their security teams from other parts of the business as well. “Security directors appear to be politically isolated within their companies,” Cavanagh says. Security pros often do not talk to business managers or other departments, he notes, so they don’t have many allies in getting their message across to upper management.

Kicking Some Brass, Tim Wilson, DarkReading, NOVEMBER 2, 2006

Why should executives get involved with directly managing a bunch of clerks over a bunch of stuff? Continue reading →