In Selling Management on Security Needs, Scare Tactics Only Go So Far
- Finding the right balance in any organization depends on assessing risk and then convincing executive management to fund what’s needed.
- To sell the need for a security solution, use actual metrics that show the effectiveness of something that’s been deployed.
“We now have a metric that proves my team spends less time chasing those incidents. It’s become such a low-maintenance thing that now we can focus on maturing the other areas.”
“In talking about securing endpoints, you must recognize that threat vectors come from many different angles,” says Catharina Budiharto, IT security director at CB&I, a global logistics company. “My general rule is that prevention is the first line of defense, whether at the network layer, at the perimeter, or at the endpoint. Prevention is better than having to do the detection and response later.”