Recently I received an email forwarded-on by a company director who asked the question “How are we treating IT security in our business?”. I was pleasantly surprised. The email was originally sent by someone who had done the course and felt compelled to share it with those in similar positions of responsibility.
The answer to the question is irrelevant for this post. The point is that making company directors aware of the issues around IT security is critical. The energy must come form the top, not the bottom.
Usually it’s a technicians that raise the issues of IT security with those above (managers and exec’s) and without much resulting. But when it comes from the top, there is a directive to take action.
I expect the matter to be raised with IT departments more frequently now given the inclusion of the topic in the Australian Institute of Company Directors course.
And that’s a great thing!