Communication Is Key
By Ericka Chickowski | Posted 2008-06-02
The security risks IT managers worry about the most aren’t the same ones they spend their company’s money on. What’s going on? Baseline set out to get some answers.
Clearly, in order to get past the purse-holders, security has to do a better job of communicating with business executives on their terms. “If executive management and business decision-makers are not with you on this, your efforts will not be successful,” Bhatt cautions.
He and many other security experts believe that the better IT executives are at communicating with business executives and educating them about security issues, the more funding will be released for essential projects.
“Security pros are being pushed to be knowledgeable about the business, as well as having a good grasp of technology,” says Zeitler of (ISC)2. “The security function is moving more into the business realm because the risk is to the business.”
This requires understanding how IT risks affect the business and explaining that to stakeholders in a nontechnical way.
*View the research that was the basis for this article.
“The best advice I give is not to be a geek, because that is the kiss of death,” says Howard Schmidt, founder of R&H Security Consulting. “For the most part, executives want to hear about the risk to the business and about mitigation. They want to know what similar organizations are doing and how they are doing in the scheme of things.”
Benchmarking to other organizations’ practices lends credibility to IT’s recommendations. “You’re never a prophet in your own land,” Schmidt says. “Some CISOs will bring in an outside expert to tell executives exactly the same things they’ve been explaining until they’re blue in the face. Then, all of a sudden, it makes sense to the executives.”