Sans Top 20 list of security vulnerabilities, published as a guide of Windows and Unix/Linux security problems, is to be transformed into an executive briefing no longer than two sides of A4.
"It will be a tool for IT professionals to get the security message across to the board," said Ross Patel, editor of the Sans Top 20. "We're hoping to have the final draft in the next week."
The briefing is to include case studies from both the private and public sector. Contributors include Royal Mail information security director David Lacey, director of global information security for ICI Paul Simmonds and director of NISCC Roger Cumming.
At the recent SC conference speakers highlighted the difficulties in getting the secure IT message across at board level.
"Terminology is important," said Tom Scholtz, vice president of global networking strategies at analysts Meta Group. "We need consistency in the way we communicate. I think the world will start to listen to what we (IT professionals) are saying."
"Establishing a business case at board level is difficult," said Andrew Wilson, project manager of the Information Security Forum. "We winged it in the past, and you cannot establish a business case in this manner."
The executive briefing will be published before Christmas.