Communication is the Key to Security

Wednesday, January 19, 2011

Mike Meikle


It may seem like an oxymoron but communication is the key to robust Information Security practices. 

It is standard practice for security and IT professionals to communicate to their customers by proxy through strongly worded policies.  These policies are then enforced by Human Resources or Management. 

There is a sea change taking place in information technology however.  No longer can information security defend the organization by erecting walls around the enterprise and filling the moat with generic policy. 

The “consumerization” of the enterprise by the infiltration of mass market technology has lowered the drawbridge and allowed many unauthorized devices and services to stream in and out of the corporate network. 

Bruce Schneier discussed this topic in depth via his January 15th 2011 Crypto-Gram Newsletter.

In order for information security to address the rapidly changing IT biosphere, infosec professionals will have to develop and hone the ability to effectively communicate with there customers. 

In December 2010, ISC(2), Information Security Forum (ISF) and ISACA released Principles for Information Security Practitioners.  A quick glance down the “Principles” column and you will notice how heavily it ties into the strategic goals of an organization. 

There is no reference to esoteric security standards, policies or technologies.  The entire document could be boiled down to the word Communication.

How you communicate with your internal and external customers is a linchpin in any organization’s information technology and security strategy. 

Unfortunately, many in the IT and Security profession are poor or inexperienced communicators who have traditionally had layers of management and policy to shield them from actual customer interaction. 

Looking at industry trends, these days are numbered, especially if you subscribe to the notion that IT professionals in the U.S. will have to hold significant business skills to remain competitive in the global marketplace.

Cross-posted from Musings of a Corporate Consigliere

Possibly Related Articles:
Policy Security Strategies Security Communication ISACA
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.