Communication Is Key To Effective Enterprise Security

By Author: fiona
Total Articles: 191
Comment this article

Ever wonder what approach information security managers should take to ensure their a Exams organizations IT infrastructures are defended from all kinds of threats? Well, ISACA has just released a list of six crucial facets of a successful IT security strategy in a report based on a global survey of executives, senior management, information security managers and staff, research directors and consultants. Surprisingly, none of these recommendations are especially technical in nature.

The underlying theme with all of these is more effective communication on the part of IT security managers, said Sharon OBryan, CISA, president and CEO of OBryan Advisory Services Inc. and author of ISACA report.Certainly, one of the underlying themes through this project was the need for drastic change in the approach to educating the information security manager,she said.One of the realizations that came through was there's a gap in skills, everything from knowing how to manage complex budgets to developing real business cases.

Perhaps we are not doing the job we need to be doing to learn how ...
... to communicate with those executives,she added.Heretofore, information security managers have continued to get their continuing education in the area of information security. It's time for those managers to start letting go of some of the technical-skills maintenance they've been pursuing and really start pursuing what I refer to as MBA-type skills. People have to recognize that after years of not getting the message through, you've got to take responsibility Network+ certification for effective communication. The executives are not going to get it until we know how to effectively communicate in business terms.

In addition to ascertaining that IT security managers needed enhanced communication skills, the report delineated a few recommendations on how they can improve their capabilities in this area.Number one, they have got to get a mentor within their organization from a critical business area and actively seek to understand the business and what the recommendations are for pursuing outside training to learn more about the business,OBryan said.That ties into one of the other recommendations, and that's for information security managers to look more into industry training. For example, in the financial services industry, it would be bank administration.

Speaking of finance, another suggestion OBryan offered was for information security managers to familiarize themselves with budgetary issues and concerns.I think information security managers need to really beef up their skills in finance,OBryan said.In order to really participate in executive-level or senior management meetings, you have to understand what's going on in the financial reports. There's so much information in the annual reports, and it's amazing how many information security managers either don't read those reports or don't know how to decipher that information.

Finally, she said the information security industry needs to accept that formal training in communications and other soft skills was a necessity. This includes a regimen that teaches them how to extract relevant data from information security operations and translate it into the parlance of high-level executives and managers.We, as an industry, need to figure out how we are going to educate information security managers in presenting business cases at the executive level,OBryan said.Some organization needs to step up and create it. How do you create a program that's going to teach the general skills at a detailed enough level to make the person effective when they leave the training and also cover the points that are critical to the industry? This is not something you get from a 45-minute session at a conference. This is something takes MCSE exams a roll the sleeves up and dig into it attitude.