The string of high profile ransomware attacks on major companies has led executives and boards to take security seriously. In the past, spending money on security is a hard sell and security folks often resort to using the FUD factor (fear, uncertainty and doubt) to implement security projects. Now, they are realizing the importance of security to avoid major disruptions and keep the business going.

For security folks, this is the best time to forge the partnership with the business. You should define strategic directions for both the business and security. Map out a high high-level path to get from current to future objectives as well as identify organizational
roadblocks, standards/policy challenges, and business goals. This is not a one and done thing. Continue to collaborate and have an ongoing discussion to maintain the relationship and to determine if things have changed such as new strategies.

Security folks must understand the business value. Work closely with them to strike the appropriate balance for risk acceptance, and make sure the risk is stated in the context of business objectives.

While you have the attention of the business, do not squander this opportunity.