ABSTRACT
There are many books on leadership that one can read to gain some ideas of how to approach management situations. There are many books on technical security skills that one can read to understand the technical approaches to resolve specific technical situations. There are many books that one can read about the business vertical in which one is employed to understand the challenges within the business environment. But where do these challenges for the security leader come together? Presented here are some challenges that have been communicated through the 2006 Security Leader Survey, as well as an expansion of some potential lessons learned and approaches to mitigate the situations, or preferably avoid them in the first place. These stem from actual experiences of security leaders, and although their business environments, organizational culture, management structure, relevant importance of security, and skill level may vary from organization to organization, some of these events have the potential of occurring within any organization. The mitigation strategies may or may not be different; however, it is useful to think about these situations and anticipate the question, “What would I do if this happened in my company?” Just as incident response plans are developed well before the actual event, the security leader needs a “security management incident response plan” to deal with the various situations that may arise.
