"Management support at the highest levels of an organization is critical to the success of any security initiative," said panelist Stephen Doty, a manager at BearingPoint, a systems integration services firm based in McLean, Va. "You need to look at policies and prevention that support the organization's IT and information security needs."
Bill Mallick, a vice president at analyst firm Aberdeen Group, agreed, stressing the need for senior management buy-in and understanding of security issues, as well as an increase in employee training on both awareness and reporting of security threats.
"A big portion of getting information security out there is really informing your employees," Mallick said. "If they know how to respond to and report security issues, then you've already won."
The link for this article located at Michael Myser is no longer available.