Blogger: Ramon Krikken
OK, admittedly a headline that may swing either way in your case … but how do you know? There are quite a few different ways in which we can structure the security team and its place in the organization, some which may work better than others. The security program itself may or may not include, or have touch points with, other activities in the organization, which will certainly have an impact on its efficacy. And then there are the various metrics that people use to measure all things security, if they exist and if the security team and organization have even agreed on what are desirable performance measurements. It’s certainly not the easiest task to determine if and how well the program is working.
Even without ongoing changes in the threat and regulatory landscapes there are plenty of questions surrounding this topic, and we’re looking to find out what organizations are, and have been, doing to create and adapt their program. We’re not looking to get answers to a pre-set list of questions, but rather to have an open dialogue so that we can go as broad and deep as we need to in order to uncover what really matters. Our target audience is chief information security officers (CISO) or equivalent in large enterprises, and the interview is expected to take about two hours.
Email us at securityprogram2009@burtongroup.com if you’d like to participate. We’ll of course provide you with a copy of our findings when we’re done.
Comments