I’ve always believed that board support is essential for information security management projects to succeed across a business. I’ve also always recognised that not all security professionals naturally have the sales skills that are necessary to successfully pitch information security initiatives to boards of directors, many of whom, themselves, combine sales skills with quite short attention spans. I originally wrote The Case for ISO27001 to provide, in one place, the wide range of arguments that could be made in favour of an organisation adopting ISO27001 as the standard for its information security management system.
I’ve just written another book, Selling Information Security to the Board, as a primer for those interested in developing their sales skills. The book originated in a presentation, Infosecurity As A Mindset: Selling IT To The Board, that I did at Infosec 2010 on exactly the same subject, and is (I hope) the first in a small collection of books and other products that are designed to expand the range of support available to IT professionals who, as part of their role, have to get management buy-in to an IT or information security project.