The University of SydneyPage 25The ten aspects of importance in bridging the gap between the management and technicians1.Getting top management's backing (the CEO buying into the idea first)2.Getting technical management backing (technical departments are the custodians of ICT in an organisation)3.Address the ICT security problem as a special project (forming a provisional ICT security task force)4.Quick scan of the ICT-related risks and their consequences for the organisation (risk exposure due to ICT)5.Getting management's attention and backing6.Getting the current status of ICT security documented (take stock of the existing situation)7.Conduct awareness-raising sessions among users (with some feedback from steps 1–6)8.Carry out risk assessment and analysis9.Work out the mitigation plan (short-term plan for issues that need immediate attention and long-term mitigation plan)10.Develop countermeasuresSource : Department of Computer and System Sciences, Stockholm University