Open Letter to New Security Manager

Posted June 27th, 2007 by

Let me be one of the first to congratulate you. Whether your title is CISO, ISSO, Manager, or Consultant, being a security manager is an accomplishment.

Now for the bad news: you need to go into the job knowing that you will always be short on people, time, and money. Good people are hard to come by, and as soon as you get them trained up, they’ll change jobs because they outgrew what you hired them to do. Time is critical because effective security requires cooperation with all the other business disciplines, which takes time and effort. Security is seen as a cost center, so any good business will try to limit security spending in order to maximize its profit.

My friends at ISM-Community have developed an Information Security Management Top 10 document with some very solid practical advice for how to survive in today’s security environment.  Think of it as a list of meta-themes that all successful security managers and programs have in common.

The ISM Top 10 doesn’t solve all of your people, time, and money problems, but it can help you recognize trends and set a long-term strategy for winning.




Posted in ISM-Community, Risk Management, What Works

2 Responses

  1.  cutaway Says:

    Your “bad news” does a good job of summing up the general issues. A quick glance at the “Top 10” list provides a good look at a new CISO’s upcoming challenges for him/herself and their organization.

    Go forth and do good things,
    Cutaway

  2.  rybolov Says:

    Thanks cutaway

    I think we can all see the problem, the question is what we do about it. That’s where you end up with the varying schools of thought: compliance clingers, SANS ultra-technicians, pragmatic CSOs, ISMS ala 27001, and the “forget it all, let’s go back to 3×5 index cards”.

    I’ll leave it up to you to decide where I fit somewhere along this taxonomy. =)
