If your information security function is like most, it develops copious amounts of data about the business’s security that it delivers on a regular basis. And typically it never gets read.
“There’s a lack of collaboration between the two parties,” says Steve Durbin, managing director of the Information Security Forum (ISF), a nonprofit association that researches and analyzes security and risk management issues. “What is the common language that we should be speaking? How could we, from a security standpoint, be focused on the right things from a business perspective?”
Leave a reply
