Why Communication Fails: Five Reasons the Business Doesn't Get Security's Message

IBM Corporation

One of the most serious problems facing security and risk management professionals is the inability to communicate effectively with the enterprise—resulting in security and risk management efforts that fail to meet the needs of the business.

CISOs must effectively communicate to business leaders and key stakeholders how security implications, including validating that the appropriate security controls are in place, can significantly impact their exposure to risk.

Gartner has identified five key failures in crucial interactions between security and risk professionals and their clients:
1. Security and risk management professionals speak a “language” that few people outside their discipline fully understand.
2. Security and risk management professionals have seldom been trained in how to communicate in a business setting.
3. Business leaders are extremely busy.
4. Business leaders find it difficult to express their concerns in terms that security and risk professionals understand.
5. The business finds it extremely difficult to identify its own risk appetite.

Tags : ibm, gartner, communication, security message, enterprise risk management, jeffrey wheatman, chief information security officer, ciso
Published:  Jun 01, 2011
Length:  4
Type:  White Paper