Author Archives: Ray Bernard

A Security Executive’s Bill of Rights and Responsibilities

Republished from Ray’s blog: The Security Minute
The Security Executive has the right and responsibility:

  1. To develop security objectives, strategies and policies for the organization, for Senior Management approval or amendment.
  2. To identify security risks to the organization’s critical assets and business functions, and their potential business impacts.
  3. To identify and develop security risk mitigation options and recommendations, including their costs and business impacts, for Senior Management approval or amendment.
  4. To monitor for and identify changes to the security risk picture, and to timely act

Senior Management’s Security Bill of Rights and Responsibilities

Republished from Ray’s blog: The Security Minute
Senior Management has the right and responsibility:

  1. To be informed about security risks to the organization’s critical assets, their potential business impacts, and to be timely informed about changes to the security risk picture.
  2. To be informed about the organization’s security risk mitigation options including their costs and business impacts.
  3. To set or approve the organization’s security objectives, priorities and strategies.
  4. To approve or amend security high-level policies and planning.
  5. To approve or amend large-scale security programs and

A Security Bill of Rights for Ownership

Republished from Ray’s blog: The Security Minute
Ownership has the right:

  1. To be accurately informed by Senior Management about the current state and rationale of corporate asset protection and legal and regulatory compliance.
  2. To be timely informed by Senior Management about major security incidents, their actual and potential business impacts, and the organizational response actions planned and under way.
  3. To approve or amend the organization’s security objectives, priorities and strategies if desired.
  4. To approve or amend security high-level policies and planning if desired.
  5. To approve

A Security Bill of Rights

Republished from Ray’s blog: The Security Minute
Today’s leading security executives are no longer just “selling the security program” to executive management. They are also collaborating with senior executives about enterprise security risk. Here is why:

  • Business assets are the property of the business owners, who have delegated the care and management of those assets to the executive management team.
  • Risks to business assets—and risk decisions—are the responsibility of executive management.
  • Because executive management must make the risk decisions

Beyond Fear

Beyond Fear: Thinking Sensibly About Security in an Uncertain World
by Bruce Schneier
Just reading this book will greatly increase your effectiveness in discussing Security with non-security people, including senior management.

When this book first came out in 2004, I didn’t read it because I dismissed it as “just another one of those post-9/11 security books”. That was a big mistake on my part, as this book serves as a very effective antidote to the fear and uncertainty that has been generated around security since