April 01, 2006 — CSO
You've spent the past few months collecting information, discovering vulnerabilities and determining gaps in your physical and information security environment. It's like a full physical examination, including upper and lower GI series, blood tests, MRI and prostate check. Prior to this effort, the corporate executives found ignoring security issues to be a cost-effective method of risk management, largely because you could provide no hard data on the losses they face. If you can't identify breaches or attempted break-ins, the board has no incentive to buy safeguards, execute the protection strategies and organize properly to combat threats. But now it seems the stars are aligning to facilitate a security breakthrough. Your exam identifies threats and assesses vulnerabilities for the potential loss, modification, disclosure and destruction of mission-critical information; the results show where the attacks are coming from, their frequency and intensity. Meanwhile, record numbers of breach disclosures flood the media. States are pumping out new privacy legislation with amazing regularity that further establishes awareness for the cause. The time approaches for funding priorities for the next fiscal year. Surely security will be properly funded for the first time in corporate history?
Wrong! Regardless of what the data says, if you do not communicate in a way that speaks to the sensibilities of the corporate C's without political embarrassment, they won't get the message. So how can you craft the message in such a way that you can be sure it will penetrate to the appropriate level?
1. Seek out a trusted sponsor: a person who can serve as a conduit to getting your message heard. At one firm, I found the VP of Internal Audit to be a great ally. Internal Audit has been trying for years to get companies to comply with their findings; they follow a code like you. Your efforts will only help their cause. Align your information security pitch with their internal-controls-oriented message, adding specifics relevant to the 10 domains of ISO17799 or the CISSP Common Body of Knowledge.
2. Make sure the emperor does have clothes. Communicate proper issue awareness to the CIO on more than one occasion prior to the board-level presentation. Accompany this message with details of how previous investments have led to measurable wins.
3. Have a clear plan in hand. Articulate a well-defined two-year time line for risk remediation and optimization. Include funding requirements with capital amortized and resources defined at least at a rough level.