ABSTRACT

How does a new chief information security officer (CISO) go about gaining management support for the information security program? One often hears that it takes a digital “Pearl Harbor” in order to get support from executive management. That is, something has to go terribly wrong before an organization’s leadership will finally pay attention to its security compliance program. There are numerous recent examples of data loss incidents that help support that contention. Of course, this is not an ideal situation for a new CISO to step into. First of all, there is the pressure to make rapid and highly visible progress in addressing vulnerabilities. Then, there is the obvious situation of knowing that your predecessor was just fired, and the same thing could happen to you.