Critical.
Authoritative.
Strategic.
Subscribe to CIO Magazine »

Straight talk for security pros

At a conference, security professionals debated the best way to communicate security needs and handle upstream problems that may emerge
Page:

Communicating the importance of security risk and the need for related investment to those less familiar is no easy task, but industry experts agree there are a few techniques that you can follow as a CSO, CISO, or project manager to help get your point across and curry favor with other business leaders.

At the ongoing Source Boston 2008 conference in the US, a panel made up executives, technologists and IT consultants debated the problems that emerge when security professionals head upstream looking for additional support or financing for their efforts.

Getting your point across about the threat of peer-to-peer botnets, server-side polymorphism, or Section 6 of the PCI Data Security Standard probably won't work if you rely on technical jargon and insider knowledge to tell your story, the presenters agreed. But if you explain things to people in terms they might understand or which directly impact their own business roles, your chances for success are far greater, the panelists said.

"I don't know the technical language and won't ever try to understand everything," said Reggie Sommer, who has previously served as the CFO at a handful of firms, including Netegrity, and who currently sits on the boards of several financial services companies.

"I think in terms of risk -- sometimes that's about dollars and sometimes it's about reputation, but you need to tell me, what's the real risk that could actually hurt the business? It's all about getting the language and communication right," she said.

Too often, security professionals forget that other business leaders don't follow emerging threats or compliance demands on a day-to-day basis and defer to language that means little to the average executive.

Selling your project or asking for more money is all about finding the right way to trace security issues back to traditional business operations and broader operational concerns, the experts advised.

In addition to gaining the budgetary and organizational support needed from CEOs and other executives to push ahead with your plans, it's also increasingly important to have business leaders contribute to the process of getting everyone else in your company to help make those efforts succeed.

"You can't go in talking about technologies. You need to quantify what the risks are; every business is run by policy and those policies need to come out of senior management," said Dennis Devlin, chief information security officer at Brandeis College and a former CISO at Thompson.

"To succeed in this, we need to teach people to think how we think, and I spend a lot of time teaching people to make informed decisions about risk, which goes far beyond technology," said Devlin. "You look at something like [data loss prevention], and to make that truly work, it has to be a management directive."

Page:

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

More about: Netegrity, Symantec
References show all

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
Users posting comments agree to the CIO comments policy.
Login or register to link comments to your user profile, or you may also post a comment without being logged in.
Related Whitepapers
Latest Stories
Community Comments
Latest Blog Posts
Whitepapers
  • HP Imaging and Printing Services
    According to Gartner, a major focus for organisations today and in the foreseeable future is shifting from cost reduction to growth, expansion, innovation, and operational excellence. If your organization is serious about driving growth and innovation and improving customer experiences, you’ll find that a well-managed imaging and printing environment is key to these goals. A growing number of organizations are turning to services as a means of integrating imaging and printing into their overall IT infrastructure strategies. It may be one of the fastest ways to continue to drive down costs, fund innovation, and prepare your organisation to capitalise on future opportunities. Read more.
    Learn more »
  • Case Study: NZ Bus Develops Applications 60% Faster, Improves Database Performance by up to 35%
    Key Benefits: Developed applications 60% faster, Created development and test environments in minutes compared to days and weeks previously, Reduced server costs by 30% with server virtualisation, Saved NZ$40,000 in database administrator training costs, Provided high availability features that keep the database and core applications up and running in the event of a server failure, Introduced compression capabilities that improved database performance by 30% to 35%. Read on.
    Learn more »
  • Virtualise, Manage, Backup, Consolidate
    Datacenter sprawl is one of the larger challenges that datacenter managers are facing today. Over time, applications, servers, and storage can create many unique architectures across the IT infrastructure. This can introduce complexity, increase costs, and compromise business-critical application performance and availability. Read on.
    Learn more »
All whitepapers
rhs_login_lockGet exclusive access to Invitation only events CIO, reports & analysis.