Re: Update: Money seen as biggest obstacle to effective IT security
2003-07-19 08:33

Forwarded from: Mark Bernard

Dear Associates,

If you read between the lines this story really identifies the difference between a CISSP designation and a CISM designation. One designation is entirely solution oriented while the other is business oriented. The CISSP does not demonstrate the skills necessary to justify Information Security (InfoSec) to a business. So all those businesses rushing out to get staff with a CISSP designation without additional business management skills have shot themselves in the foot.

Companies will not budget for InfoSec unless it is a legitimate business need and that means justification in business terms. Without justification businesses will continue to only budget for InfoSec positions assigned to larger non InfoSentric business units. It's not entirely management's fault because they truly believe that this will reduce the risk and take care of any problems that they might encounter. This is the way that traditional management has always dealt with more work: they hire more staff! This however is a short-term fix which is very apparent within this survey.

Without adequate justification tied to strategic and tactical business objectives InfoSec budgets will continue to not get approved. After all, just because someone with a CISSP says that something needs to be attended to doesn't mean that the company will automatically open up the vault.

Regards,
Mark, CISM, CISSP.

----- Original Message -----
From: "InfoSec News"
To:
Sent: Thursday, July 17, 2003 4:46 AM
Subject: [ISN] Update: Money seen as biggest obstacle to effective IT security


News URL

http://www.computerworld.com/securitytopics/security/story/0,10801,83109,00.html