ABSTRACT
Along with the rapid rise in visibility of information security within medium- to large-sized organizations has also emerged the desire to gain a seat at the table with the members of the C-suite. Obtaining the ear of the chief executive officer (CEO), chief information officer (CIO), chief financial officer, and the vice presidents of the business areas often becomes a mission for the individual managing the information security program. Organizations are much like people, where thoughts and activities are compartmentalized and prioritized so that they do not overwhelm us. Information security is not different in this regard, as it is typically categorized as an information technology function, so it becomes the responsibility of the CIO. Communicating with the C-suite requires a different language from what is normally used with the end users or technical staff. The CEO is faced with challenges and opportunities on a daily basis.
