Readers, October 3rd's topic for Cyber Security Awareness Month is "Getting the Boss Involved."  Let us know how you do it - what methods, techniques, ideas, or approaches have you used that work?  As most of us know, a good security awareness program will not work unless the leadership is involved.  So pass along your thoughts via our contact form and we'll post them as updates to this diary.

- Think "Big Picture"!  When you're presenting an idea, cover how this will help the business.  Will it reduce costs?  Secure the systems?  Reduce the change of breaches or lawsuits?

- Show your bosses that you can not only handle technical concepts but business ones as well.

- "We have had a rash of viruses due to the managers not allowing us to properly secure our systems. We started keeping track of the time it took us to correct the problem + the lost time of the employee because their computer was down and presented this to the "suits."  We also used some of the statics on the cost of a security breach. This fixed our problem!"

Do you notice a pattern already?  Present the issue by highlighting aspects that are important to the listener. 

- As part of our security awareness and training plan, we do an annual executive security briefing. We keep this brief and non-technical, but highlight the positives we can claim from the previous year and describe our approach to addressing problems that we might see in the next year.
- We do a full staff review of security standards (including the boss(es)) and have the boss sign off on the annual audit certification letters.

- If you're trying to share a sense of urgency about a problem: ""Don't give the boss horror stories about what could happen, give him real stories of what has happened to other people." --Alan Paller

Thanks to Ismael, Robert, Guy, and John for the contributions.