Often IT provides senior management with IT options, but fails to adequately inform the executives what the consequences are to a selected action.
For example, having full disk encryption on all workstations is of upmost importance. Some executives will choose to skip using full disk encryption. The key is that the IT professional ensures the executive is making an informed decision and knows what the consequences are.
The flow looks like this:
- IT makes suggestions to senior executives, making sure the executives understand the benefits, drawbacks, risks, likelihood, and the extent of possible damages.
- Then, the executives reflect a summary back to IT so the executives are certain they completely understand.
- The executives make a decision and written policies are produced or adjusted as required.
- IT will enforce the policies and act on them accordingly.
The key, once again, is that the senior executives make an informed decision.
Please post your comments on this blog.