In an era when data breaches and IT security incidents are the new norm, IT risk and information security have been increasingly recognized as business issues rather than just technical ones. Today an organization must weave IT security and risk management into the executive levels of business planning.
Policy writing is a risk communication exercise that is frequently performed by people who lack the skills needed to create good security policy. Fortunately, the use of a few best practices for the planning and writing of policy can make a big difference in its effectiveness in reducing risk.
During 2014 we've seen profound changes in cybersecurity, altering planning, delivery, operations and management in an attempt to keep up with new and increasing threats to the enterprise. Traditional approaches to IT security have limited impact and require changes as well. This presentation reviews the lessons learned and looks ahead in an attempt to use the past to inform the future.View Now