In-depth

Enterprise security skills: the communication factor

How important are good lines of communication as far as the enterprise IT security strategy is concerned? Davey Winder investigates...

When Tripwire carried out a detailed UK analysis of the Ponemon Institute's 2013 Risk-Based Security Management Study, it discovered something of a disconnect between an enterprise's commitment and its ability to actually deliver on that. The key takeaways from the very detailed analysis, can be boiled down to:

  • Some 61 per cent don't communicate security risk with senior executives or only communicate when a serious security risk is revealed;
  • Just shy of 40 per cent of collaboration between security risk management and business is poor, non-existent or adversarial;
  • Less than half (47 per cent) rate communication of relevant security risks to executives as not effective'  and when asked why this should be: 63 per cent said communication occurs at too low a level and 57 per cent said communications are too siloed. Furthermore, 56 per cent said the information is too technical to be understood by non-technical management and 50 per cent said negative facts are filtered before being disclosed to senior executives and the CEO. In addition just over one third (35 per cent) said it takes too much time to prepare report metrics to senior executives.

The results of this study would seem to suggest that integrating security risk into the day-to-day operational decision making of the business just isn't happening in the majority of enterprises.

Just how vital, therefore, are good communication skills? And, how can IT security professionals in particular develop new skills in this area to enable them to talk about risk in terms that are relevant to the goals of the business and so both understandable, and therefore implementable, by the powers that be?

Featured Resources

Modern governance: The how-to guide

Equipping organisations with the right tools for business resilience

Free Download

Cloud operational excellence

Everything you need to know about optimising your cloud operations

Watch now

A buyer’s guide to board management software

Improve your board’s performance

The real world business value of Oracle autonomous data warehouse

Lead with a 417% five-year ROI

Download now

Recommended

The IT Pro Podcast: Why techies shouldn’t become managers
Careers & training

The IT Pro Podcast: Why techies shouldn’t become managers

10 Sep 2021
Podcast transcript: Why techies shouldn’t become managers
Careers & training

Podcast transcript: Why techies shouldn’t become managers

10 Sep 2021
The IT Pro Podcast: How umbrella companies exploit IT contractors
IT regulation

The IT Pro Podcast: How umbrella companies exploit IT contractors

3 Sep 2021
Podcast transcript: How umbrella companies exploit IT contractors
IT regulation

Podcast transcript: How umbrella companies exploit IT contractors

3 Sep 2021

Most Popular

Dell XPS 15 (2021) review: The best just got better
Laptops

Dell XPS 15 (2021) review: The best just got better

14 Jan 2022
Sony pulls out of MWC 2022
Business operations

Sony pulls out of MWC 2022

14 Jan 2022
Openreach offers £20,000 reward for information on stolen copper cables
broadband

Openreach offers £20,000 reward for information on stolen copper cables

21 Jan 2022