I'm looking for strategies to convince middle management to invest in preventing lateral movement within our network, starting within our data center(s) and IaaS providers, and eventually extending to our manufacturing and office facilities.
The anecdotal stories (Target, Equifax, etc.) resonate with the techies, but I am looking for things that are a bit more management-ready. For example, best practice documents, comparative peer surveys, pending or existing legislative requirements, etc. My basic thought is to somehow demonstrate that the ground has shifted such that isolated security zones are now the basic standard of care and must become a financial priority.
Any ideas appreciated.
If I could find something like the PCI and HIPAA requirements that applies to manufacturing, I would be all set. Alas, that