Solid Governance is Key

Originally posted to LinkedIn on November 23, 2015

The next step to think like a hacker, while not simple, is something all executives understand.

Tip #2: Governance

 A successful InfoSec function relies heavily on solid governance.

Companies need a framework for evaluating third party providers of information technology (IT), development and security. And they need a process to ensure business units inside their organizations follow strict processes and protocols when making technology decisions or purchases.

Part of this governance process is simply asking the right questions. Set up a meeting with your top technology staffers and ask the following:

• One, do we have an InfoSec function? To whom does it report?
• What does our security function look like?
• How do we vet 3rd party technology providers? How do we know they are doing things the right way?
• Do we have gateways and forced check-ins in order to get something done, such as a code review before any new websites are launched?

Starting this basic dialogue will get the ball rolling and ensure you don’t stall in your quest to provide the highest level of security for your clients and customer.

Stay tuned for the next installment and Tip #3…