The Cyber Security FUD Problem. FUD has been used by sales teams in various industries for years. Fear, uncertainty, and doubt (FUD) as a disinformation strategy first appeared in the 1970s, especially in the computer hardware business. In infosec it is often used to gain an advantage over the competition. It is also regularly portrayed as the “old way” of advocating for security budgets and measures to company management.
FUD certainly isn’t exclusive to security professionals; you can see it in advertising every day. As a cybersecurity professional working for an organization and delivering your message to management, you want to think carefully about how to deliver it. Ultimately, board members would like to stay on the board rather than in a prison cell. The difficulty of building a great IT security program within the company comes with the complication of assessing risk.
Security is a difficult domain that is always evolving. What do board members need to know?
Every day you pick up a newspaper and read about another breach. It is a relatively new world of threats, and previously management board members didn’t have to go through this.
The question is how to get board members to know what to do when their company gets breached.