Step 1: Attain Managerial Buy-in

You may be surprised to find this at the top of the list. However, managerial support for your security initiatives is critical. For starters, management is ultimately where your security budgets are accepted or denied. Without sufficient funds, you lack the tools necessary to enforce policy, which makes securing your organization's information assets incredibly harder; perhaps even impossible. Secondly, management holds the power of discipline. As a security professional, you should be focused on risk; not reprimand. Managerial backing ensures your security policies and procedures are upheld, and that there are consequences when they are not.

Fortunately, the relationship between security personnel and management is reciprocal. You need management, but management certainly needs you. In addition to securing the company's assets, your job is also be to educate management in the realms of risk, compliance, and overall best practices. Remember, managers are decisions makers. As such, try to not force solutions upon them. Rather, present them with accurate security information, and allow them to make sound business decisions.