Enterprise security skills: the communication factor
How important are good lines of communication as far as the enterprise IT security strategy is concerned? Davey Winder investigates...
When Tripwire carried out a detailed UK analysis of the Ponemon Institute's 2013 Risk-Based Security Management Study, it discovered something of a disconnect between an enterprise's commitment and its ability to actually deliver on that. The key takeaways from the very detailed analysis, can be boiled down to:
- Some 61 per cent don't communicate security risk with senior executives or only communicate when a serious security risk is revealed;
- Just shy of 40 per cent of collaboration between security risk management and business is poor, non-existent or adversarial;
- Less than half (47 per cent) rate communication of relevant security risks to executives as not effective' and when asked why this should be: 63 per cent said communication occurs at too low a level and 57 per cent said communications are too siloed. Furthermore, 56 per cent said the information is too technical to be understood by non-technical management and 50 per cent said negative facts are filtered before being disclosed to senior executives and the CEO. In addition just over one third (35 per cent) said it takes too much time to prepare report metrics to senior executives.
The results of this study would seem to suggest that integrating security risk into the day-to-day operational decision making of the business just isn't happening in the majority of enterprises.
Just how vital, therefore, are good communication skills? And, how can IT security professionals in particular develop new skills in this area to enable them to talk about risk in terms that are relevant to the goals of the business and so both understandable, and therefore implementable, by the powers that be?
In This Article
The ultimate guide to business connectivity in field services
A roadmap to increased workplace efficiencyFree download
The definitive guide to migrating to the cloud
Migrate apps to the public cloud with multi-cloud infrastructure solutionsFree download
Transform your network with advanced load balancing from VMware
How to modernise load balancing to enable digital transformationFree download
How to secure workloads in hybrid clouds
Cloud workload protectionFree download