
How to communicate your firm's security strategy

7 common mistakes made by security pros

For many years, we've heard security professionals lament the way they are perceived. Terms such as 'the place where good ideas go to die' and 'the department of no' weren't uncommon just a few years ago when referring to the security function.

But that is changing - slowly, according to many security leaders. Even as risk mitigation efforts, and the people behind them, get a better rep, challenges remain when it comes to conveying security's message to company leadership, and to staff users as well.

PC Advisor's sister site CSO spoke with three IT security veterans to learn what effective communication looks like in an organisation where security lives in harmony with the rest of the company. Here they tell us what not to do if you want to get everyone on board with what you're trying to accomplish.

Mistake 1: Failing to convey security's vision

Lorna Koppel, director of IT security with manufacturing firm Kohler Company, has been in security for decades. After some time in the military, and a degree in atmospheric sciences, she found herself increasingly interested in IT security as the world became more computerised.

"Things were so much simpler then. The threats were not as complex and as targeted," she recalled. "Now our jobs are more complicated because we have to still deal with all the noise and threats that are automated, but we also need to be prepared for the more complex and advanced methodology."

For Koppel and her team these days, that means there is a delicate line that needs to be straddled between how security is handling current threats, and what it plans to be doing in the future.

"We've spent a lot of time looking at our vision. Where are we going? What is our strategy?" said Koppel. "It's really hard for security people because we are reactive. We can get caught up just fighting the fire. But we also have very clear projects."

She said she strives to always maintain a relationship with her team that requires them all to be forward thinking.

"I think the mistake some people fall into is dealing with the latest. Let me deal with what's on my plate now. Then I'll fit in the proactive stuff. But you get analysis paralysis. You don't make any progress on making life better for the company or yourself. How do you catch that soon enough so you don't waste a lot of time not making life better?"
