A key aspect of the success of your information security program is developing a strong relationship with your organization's senior leadership. Without the commitment from your organization's senior leadership, the information security program will most likely be ineffective. Information security is really about organizational change. When a new information security program is established within an organization, changes will occur across the spectrum of people, processes, and technology. These changes could potentially be seen as disruptive to the way things are normally done. Without strong executive support for the information security programs, it may be difficult to make the necessary changes.

It is important to note that executive support is not a license to cause havoc within your organization. It is still the job of the information security professional to work within all levels of the organization. You must communicate the need for information security in a way that clearly explains how the information security program is protecting the organization and how it is helping to allow the organization to continue serving its customers. In doing this, it is important to speak to the organizational team members.

Remember, the information security program's biggest challenge is changing the leadership and cultural views of the organization. You must have executive leader buy-in to be successful.