RE: Ransomware victims rising in local government...
Hello @pedrobrito2004,
thanks for your comment! As always, and I love this, very thoughtful and on point!
Yes, sure enough, a major part of my profession is to stay on top of all the regulatory and compliance stuff as well as setting up a functioning and right-sized information security management system in alignment with general IT operations and all other stakeholders throughout the organization, and last but not least making sure to get a leveled budget for protective measures and projects.
It's a little like juggling with many balls. Hahaha!
In many situations that I was confronted with in my consultant job at least (I'm employed in information security as an information security officer and self-employed "on the side" in "security fire fighting", security assessments, security projects), the damage had already happened to some degree, which makes it easier to get executives in a room to listen to some suggestions.
Sadly, many need at least one bloody nose, some even more than that, to even think about information security and opsec.
Staffing, ensuring adequate competency, funding and so on has to be taken care of, ideally before people are too frustrated to give up on it.
Cheers!
Lucky
That the leaders need a direct blow to wake up and that there are still cases in which they refuse to wake up and act to solve the problems is something that sounds familiar to me. Although it is also something you can find throughout the history of various civilizations. It seems that as the leaders are here to maintain the status quo and not to advance to the future, they do not accept to do anything that changes things even when that change is to improve and give greater security.
It has to be qualifiable and quantifiable. That's what I learned a long time ago when dealing with executives. Make your case understandable and most importantly do a thorough job when it comes to realistic estimations in regard to possible damages. But this means you have to do your homework. No shortcuts and blanket arguments. Understand what it is worth that you try to protect and align the protective measures to these price tags. That's something most executives understand very clearly. Dollars! Hahaha!