What are the top concepts on security management?
Information security risk assessment is probably the most important concept to convey. Compliance is not the goal of information security. This is related to No. 1, but important in its own right because many executives believe that once they get the compliance stamp from an annual audit, they don’t need to think about security anymore. Being compliant does not mean the organization is secure. That’s extremely important to get across.
