Internal IT Security Teams Need Dialogue

Steps offered to help sell NERC CIP Mitigation to executive management.

By Enterprise Networking Planet Staff | Posted Nov 11, 2010
Print ArticleEmail Article
  • Share on Facebook
  • Share on Twitter
  • Share on LinkedIn

In an article on Network World, author Ron Lepofsky offers assistance to internal IT security teams in discussing NERC CIP security mitigation steps with executive management. SCADA vulnerabilities are an issue in businesses where security budgets must be discussed. Often executive management is of the impression that network security is expensive, and Lepofsky, founder and president of ERE Information Security and Privacy Auditors, offers valuable dialogue to aid in the sell.


"The key is to write the documentation with an emphasis on ease of implementation. Keep the initial documentation short and simple, in a format that is easy to update, and keep it updated. Once you have proved the initial policy, process, and other documentation to be successful in terms of meeting objectives, then you can look for budget to expand scope. I have seen this approach work successfully many times. As far as technology implementation budgets, I’ve seen best success with creating a multi-year plan with smaller annual budgets. As long as you can prove success with meeting each year’s goals, your chances of getting successive budgets of course improves. Nothing succeeds like success."

Read the Full Story at Network World

Comment and Contribute
(Maximum characters: 1200). You have
characters left.
Get the Latest Scoop with Enterprise Networking Planet Newsletter