Yesterday at the ISSA chapter meeting here in Des Moines we began with a discussion of mobile devices and how organizations are developing policies around use of personal devices for work purposes. As expected, it ranged from "only company devices are allowed, for limited functions" to "any device is allowed for anything it can access." We quickly moved into discussions on the impact newer generations of workers, social media, regulations such as HIPAA and mobile devices have on how we approach data security.
One member made the comment that a new CISO brought into their organization a few years ago made a big difference. This executive had the ability to articulate risk to the other executives in a fashion they understood. They now have more money to fix issues than they've ever had in the past. For this organization, pitching the security needs in terms of risk and quality improvement made all the difference. I've been espousing this philosophy for years and can attest to its impact. If you can't articulate the need in a way that ties into the business objectives, you're simply rambling. Help executives see how security and IT risk management goals tie into the larger organizational goals and you'll find the path is often paved before your very eyes.
If you're in the Des Moines area and interested in information security, IT risk management and compliance, I'd encourage you to check out the Information Systems Security Association (ISSA) chapter meetings. We meet monthly in West Des Moines, IA and will be adding web conferencing in the near future for those of you in other areas of the state. Feel free to contact me or check out the chapter website (http://www.issa-desmoines.org) for more details.