28. May 2011, 15:08 | by WD Milner | Full Article |

In light of recent high profile security breaches , one cannot help but ask: “Are these people asleep at the wheel?” Often Security departments are ignored or played down in the interests of economics. Not only is security expensive, it gets in people’s way and makes then uncomfortable and/or frustrated. The end result of which is that either proper procedures don't get implemented or they fall on deaf ears.

Communicating the importance of system and network security to end-users, and even those in administrative positions can be a challenge. Sometimes the problem is with the listener, sometimes with the security team. For now let’s consider the latter. While it is important that everyone in an organization understands the importance of security, communicating and generating this understanding has to start with security listening to the concerns and issues of the users within the organization from the CEO to the janitor, and then create policies and solutions with that input in mind. Increasingly important is consideration of cultural norms when doing this. With an increasingly diverse workforce, it is important to ensure that understanding is maintained across cultural and language diversity. If the policies set in place can solve problems within the organization while protecting it, the task for security personnel to communicate their message and effectively protect the organization’s data will be much easier.

Communicating that message has always been a problem. Most non-technical executives lose interest rapidly when security personnel start to go into technical details. This is also true when the material presented by security is done so from a solely IT perspective. Security should be put into the perspective of those it affects - what the risks are for particular business units, how ignoring the security issues may affect them, and how the proposed policies or solutions will benefit them and the business as a whole. That said, one must always be ready to step forward with concerns and solutions at times when the organization or business units involved are more receptive to the message you have to deliver. Security personnel, especially those who will be interacting with other sections of the organization also have to be prepared to wear several “hats”. The must be able to function as advisors, purveyors of bad (and hopefully good) news, leaders in mitigation or resolution or as educators.

Perhaps the most difficult thing about trying to communicate security issues withing an organization, is when there is just no desire to listen on the part of others. Regardless of how effectively a security department tries to convey its message, sometimes one just has to know when it is a wasted effort, and the time would be better spent elsewhere.

- 30 -

Categories: ,
Keywords: security,communications,organization,policies



Textile help
* Indicates a required field.

As a SPAM prevention measure, comments are moderated and will be posted once vetted.


Article & Comments

Comments are not enabled for all articles or documents.

Article Navigation


Internet and WWW
Music and Audio
Society and Culture
Stage and Screen
Tips and Tricks
Web Design
Web Site

The Birches - Support Child Safety Online


 Help to FIGHT spam!