Make management understand the risks

"Hence the skilful fighter puts himself into a position which makes defeat impossible."
Position is the preparation necessary to defend ourselves.
It includes reducing vulnerabilities in operating systems and applications, managing technology convergence and process assurance to reduce the chance of human error and assessing the security state of our environment.
An information security management program focuses on critical components organisations need to protect information assets.
Each organisation will have its own security management program, but there are fundamentals that most share. One of the most important is executive management support, which begins with executives understanding the risks faced by the business:
- Sophistication of cybercriminals
- Insider threats
- Operating system and application vulnerabilities (more than 6600 last year)
- Corporate governance and compliance
- Lack of skilled resources
Next, write information security policies, develop security awareness and education campaigns, assign ownership of and accountability for the security function to named individuals and, through job descriptions and remuneration, make security everyone's responsibility.
Figure: Security is everyone's responsibility