Good security leaders need to understand the environment they are being tasked with securing. Document all relevant business, legal, and regulatory requirements. Identify the security risks and potential damages of each gap, determine the cost to remedy each problem. It’s important to tie each project to the security risk it will address and set expectations. Create short-, mid-, and long-term goals and projects. Report your strategy and tactics to senior management. You’ll need senior management’s approval and backing when security initiatives start to conflict with operations.”]
Source: https://www.csoonline.com/article/2630023/how-to-manage-it-security—-without-a-tech-background.html