Enterprise security skills: the communication factor

How important are good lines of communication as far as the enterprise IT security strategy is concerned? Davey Winder investigates...

Skills meltdown

John Colley is the managing director for Europe, the Middle East and Africa (EMEA) at (ISC)2, the largest body of information security professionals worldwide with over 90,000 members across 135 countries. If anyone should know a thing or two about communication in the security business, he should.

Rather surprisingly, Colley seemed to be in broad agreement with the suggestion that IT professionals are failing to communicate security risks to their organisations, telling IT Pro this wasn't surprising as "IT professionals don't always understand the security risks themselves."

Advertisement - Article continues below

Colley explained that it must be the role and responsibility of business security professionals to communicate to both the IT professionals and the business as "they are the experts at the coal face of monitoring the threat landscape to secure the business."

When it comes to what Colley thinks is really causing this communication failure, however, the surprise-factor is less evident. "Use of technical terminology is an endemic problem and perhaps one of the key reasons for communication failure between IT/security teams and the wider business" he says.

"IT and security professionals must speak the same business language. For instance, telling the business that it is likely to be hacked will not have the same effect as saying that if certain security measures are not adopted, the enterprise will likely lose its intellectual property."

Advertisement
Advertisement - Article continues below

One of the problems is that all too often IT has no way of understanding and assessing the value and sensitivity (and therefore the risk) of the company's data assets. Those people who do understand this value are the data owners in line-of-business roles.

Advertisement - Article continues below

Empowering the business leaders with formal data ownership and providing them with the tools to set and manage access to their data can achieve two big things, insists David Gibson, one of the vice presidents at Varonis. Big thing number one is increasing the company's protection of critical data assets and big thing number two is enabling IT to get out of the permission business.

"Let's say a bank teller noticed a stack of cash sitting unguarded in the middle of the bank," Gibson explains "in order to calculate the risk associated with these bills, the teller would need to know the asset's value."

Are they $100 dollar bills or $1 bills, and how much is the pile worth? Secondly, they need to know to whom the assets belong in order to communicate with someone that is responsible for the assets. In this case, any bank official would ask, who is responsible for this?

Advertisement - Article continues below

It's just the same with data. When IT finds piles of data that are exposed to too many people or otherwise not protected adequately, in order to communicate risk, they need to understand the value of the data, and communicate the risk associated with that data to the right people.

"In other words, they need to find data owners," says Gibson. What's more, since data isn't usually as clearly marked as cash, the owners are needed to help quantify the data's value in the first place. "With so much information housed in today's data driven organisations," says Gibson "IT and the business have often lost track of who is responsible for which data assets."

Featured Resources

Staying ahead of the game in the world of data

Create successful marketing campaigns by understanding your customers better

Download now

Remote working 2020: Advantages and challenges

Discover how to overcome remote working challenges

Download now

Keep your data available with snapshot technology

Synology’s solution to your data protection problem

Download now

After the lockdown - reinventing the way your business works

Your guide to ensuring business continuity, no matter the crisis

Download now
Advertisement
Advertisement

Most Popular

How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

3 Aug 2020
How to use Chromecast without Wi-Fi
Mobile

How to use Chromecast without Wi-Fi

4 Aug 2020
How do you build a great customer experience?
Sponsored

How do you build a great customer experience?

20 Jul 2020