Re: Data Breaches
There are some great tips here, and they all come together to paint a clear picture of the mentality you should go into these meetings with. The reality is that you're not in complete control of the situation, you're not the only one to blame if something goes wrong, and there are extraneous factors you can't possibly cover in the scope of that meeting - but you can't make it sound like you're more worried about that than you are about fixing the problem at hand. To management, you are the focal point of all things security - everything they know about that realm they know through you. Don't assume they know things you take for granted, don't downplay aspects they think are important, but don't be afraid to tell the truth.
There is the common trap of the 'meetings for meetings' sake' that Chris brings up, and this permeates security as much as it does every other aspect of business. People are fond of asking the same question phrased multiple ways until you give an answer that agrees with them. People like to use buzzwords they don't really know the meaning of to sound informed, and expect you to play along. Certain schools of management tell them to play hardball simply to get the best results out of you/for the company, regardless of your position. None of these mean you can't spin that meeting to your advantage, get a plan in place that everyone likes, and perhaps most importantly, as the author says, breed some long-lasting trust.