ABSTRACT
One of the most common concerns voiced at the various security conferences and security associations
around the country is, “How do we get our management to understand the importance of information
security?” These concerns are typically voiced by individuals that have been unable to secure the attention
of or financial commitment from the senior leadership of their respective organizations. The question is
usually accompanied with frustration as a result of multiple attempts to obtain budget dollars, only to be
faced with flat budgets or even cuts to the current expenditure levels. Although each organization has
different values, principles, and strategies to move the business forward, this article explores some
techniques for building management commitment through the implementation of a successful
information security council.