Many people tell me that the real problem they face in getting public or private sector organizations to address information security is the lack of understanding and interest at the top. That’s important because the security culture of an organization is strongly influenced by the tone and direction set by the leadership.
But it’s really just a matter of time. Information security continues to grow in importance and profile. Eventually most leaders will appreciate the subject and grasp the nettle.
And the situation can change faster than we expect. Take the US leadership for example. I was delighted to read that John Thompson, CEO of Symantec, is one of two shortlisted candidates to become the next US Commerce Secretary. It would be refreshing to have a security-aware politician in the President’s cabinet, and to have a Commerce Secretary that appreciates the importance of security in the technology supply chain. John is a smart business man and a superb diplomat. He certainly gets my vote.