Join Mandy Huth for an in-depth discussion in this video, Achieving management buy-in for InfoSec, part of Security Matters (To Everyone).
(light music) - I just got a purchase order request for a quarter million dollars. Are you kidding me? The reality in businesses today is that security is considered an expense. It just isn't true. (dinging) Security is really a conversation about risk tolerance for your business. It has to come from a place of risk. When you think about risk and how your business is going to approach it, you have four ways that you can address risk.
You can choose to accept it, you can mitigate it, you can transfer it to someone else, or you can just plain avoid it. The key to getting management buy-in for information security is having a conversation about balancing security against the business. Remember, security is never a problem until it is. - [Astronaut] Houston, we have a problem. - If I'm buying a 10-year-old beater car that just gets me to and from work, I'm probably just gonna put liability insurance on it.
But if I'm buying a brand spanking new luxury sedan, you can bet your bottom dollar I'm gonna have comprehensive coverage for that car. The same holds true for your business. Where on that spectrum do you fall? Do you want liability insurance for your company? Or do you need comprehensive coverage to protect your reputation? Finding your place in that spectrum will drive the conversation. Remember, everyone on your management team wants what's best for your business. Having a conversation about how much your business wants to invest to protect its interests is a conversation you can have with anyone.
So would you like to spend a quarter million dollars now? (upbeat music) Or would you like to spend millions of dollars on a potential breach later?