What does it take to get attention for IT initiatives in today's enterprise? In most cases, according to Symantec Senior Director Jennie Grimes, it means making a compelling business case—and getting the right information to the right people in the right language.
IT risk management initiatives are definitely worthy of executive attention. Our economy is increasingly dependent on the Internet and IT systems, making the risks in these systems far more visible and significant than ever. But, it's a discipline with a myriad of stakeholders: CIOs, CISOs, enterprise risk management teams, compliance and regulation staff, and internal and external auditors.
Step #1: Choose your words ...view middle of the document...
Come prepared to back up your recommendations with numbers. Understand that you probably won't get exactly what you are asking for, but by presenting accurate potential scenarios, you might get your mid-range goal.
Step #3: Use headlines to your benefit
Many of today's business leaders dread the thought of the "orange jumpsuit retirement program." There's a steady stream of privacy and data leakage issues that will continue to make the headlines. Those held responsible have ranged from unsuspecting backup administrators to employees who unwittingly left laptops in car trunks to mid-level managers involved in publishing quarterly financial reports to executives operating with full knowledge of potential breaches. Make use of these "public hangings" to illustrate the real risks and move away from the incident probability statistic deadlock.
Step #4: Move your message up the chain (and sideways, too)
Consider all your potential champions and work to win them over. IT risk management isn't an exclusively IT-driven discipline. Work with the compliance team, the IT group, the legal group, the auditors,...