ABOUT US

FORUMS

PARTNERS

PRODUCTS & SERVICES

FREE RESOURCES

JOIN
NOW!

You are not logged in. Access is limited. Login or see membership information. • Streetwise Security Zone Community

Watch this Blog Notify me by e-mail any time a new post is made to this blog.

Scott Wright's editorials on a variety of security issues for non-technical business managers and home computer users. Please feel free to comment and help spread the word that managers need to think about their information security risks.

The Virus Time Machine (e-Book)
Product ID: 00000007

... What You Need to Know (and Wish You Knew Before) About Removing Virus and Malware Infections Before you start down the path of trying to fix a virus infection on your computer, you should really understand what's invol ... More »

Non-Member Price: $4.99

November 2008 Posts

Is the problem with the technology, the procedures or the people?
Mon 24th 2008 @ 6:05 AM
Clicking on links is like hitch-hiking - you never know where you'll end up
Mon 24th 2008 @ 6:03 AM
Social engineering petrie dishies could easily be more secure
Mon 24th 2008 @ 6:02 AM
Book review - IT Governance: Guidelines for Directors
Mon 24th 2008 @ 6:00 AM
Visitor access logs can be used for unintended purposes by anyone
Thu 20th 2008 @ 3:00 PM
Deterrent safeguards - they can't prevent anything, so why bother?
Thu 20th 2008 @ 2:58 PM
What's your board doing with IT?
Thu 20th 2008 @ 2:55 PM
It's not that you can't trust them, but...
Thu 20th 2008 @ 2:54 PM
Getting to secure - incrementally and practically
Thu 20th 2008 @ 2:51 PM
Scott Wright's Security Views column is moving to The Streetwise Security Zone for your convenience
Wed 19th 2008 @ 9:23 AM
Getting on the blog wagon
Wed 19th 2008 @ 9:06 AM
Instant messaging in the enterprise... security threat, privacy threat or useful tool?
Wed 19th 2008 @ 9:04 AM
If you don't have integrity, what do you have?
Wed 19th 2008 @ 9:02 AM
Magic Crypto Fairy Dust
Wed 19th 2008 @ 9:01 AM
Debit Machine Tampering
Wed 19th 2008 @ 8:59 AM
USB Tokens Can Be Risky
Wed 19th 2008 @ 8:58 AM
Voice Over IP Security
Wed 19th 2008 @ 8:53 AM
Canadian Breach Notification Laws
Wed 19th 2008 @ 8:52 AM
Book - Beyond Fear by Bruce Schneier
Wed 19th 2008 @ 8:50 AM
Welcome to Scott Wright's Security Views
Wed 19th 2008 @ 8:41 AM

What's your board doing with IT?

Thursday, November 20th 2008 @ 2:55 PM (not yet rated) post viewed 994 times

Originally posted - April 10, 2007

Did you ever wonder why so many IT projects end up in trouble? Apparently, the statistics available and highlighted by IT blogger, Ann All at IT Business Edge in her article “IT Governance (Not) on Board” shows that most Boards of Directors do not have adequate IT visibility on their agendas, and many also lack the expertise to address IT if it was on the agenda.

The data Ann All refers to comes from surveys by Deloitte and also by researcher Steve Andriole. OK, so Boards are not involved in IT projects. Is that a big surprise? Probably not. But if you think about it, as Andriole says, “Our dependence on IT has never been greater.” Wouldn’t that make it a strategic issue to be addressed by the Board of Directors? Why are there so few IT-aware executives on most businesses’ Boards? As IT Governance author, Alan Calder says, most of the board members are old fogeys who have their assistants print out their emails for them.

It almost goes without saying that companies need more visibility for Security at the Board level as well. At this level IT Governance and Security are as closely related as Parenting and Household Rules. Imagine if parents cared nothing about the amount of time spent sitting in front of screens, and the types of video games their kids were playing in their rooms. What kind of kids would we expect to end up with?

Let’s go beyond Alan Calder’s call for more IT-aware executives, and demand some Security-aware executives on the Boards of our companies. And while we’re at it, why not put all capital IT projects over $25K and IT Operations groups with annual capital and expense budgets over $100K on the agenda, along with their risk management plans and statuses?

These dollar value thresholds are arbitrary examples. They should depend on the size of the business, but anything significant should have visibility to a competent board to make sure shareholder value is being maintained. There’s no excuse for having an IT-ignorant Board of Directors any more.

My live security awareness webinars are a quick and affordable way to provide your entire staff with professional quality security awareness training and education - whether it's general training or for specific teams or industries. I offer group rates and can tailor content to your specific needs. Please call or email me at the coordinates below, or CLICK HERE to see my training webinar catalog.

Scott Wright

The Streetwise Security Coach

Join the Streetwise Security Zone at:
http://www.streetwise-security-zone.com/join.html

Phone: 1-613-693-0997
Email: scott@streetwise-security-zone.com
Twitter ID: http://www.twitter.com/streetsec

To receive weekly security tips and other notices about helpful content available on this site, please make sure you are on my list by clicking HERE, and entering your name and email address.

add a comment

rate this post:

Comments