Bridging the Communications Gap in Security

July 10, 2012
Dave Seuss

The first step to solving any type of problem is recognizing that one exists. If you’ve had an opportunity to review the survey that we announced recently regarding CEO and CISO communication, you can see that not only is there a problem, but a wide disconnect with the potential for serious business impact. It seems as though the executives charged with security are having a tough time communicating with the CEO, and ultimately the board, around issues of security. Further complicating the matter is that the CEO community doesn’t seem all that interested in hearing about it either.

So how did we get to the point where C-level executives can’t communicate on an issue that, left unchecked, could cause incalculable damage to the company? Simply put, the two groups are speaking different languages. CEOs and boards care about financial performance and business issues that impact stock prices and market share. Tech people tend to speak in terms of data and bits and bytes and botnets and viruses. This type of conversation does not translate well to an audience that views security as very black and white: does it work or doesn’t it?

So how can CISOs go about changing the culture in their organization so that the issue of security is taken more seriously by the executive branch of the company? Here are a few tips to start everyone down the path of better communication and better security.

  1. Set the Tone: If security is going to be a priority in the organization, it’s your responsibility to make it happen. Establish a regular security briefing with the CEO and tell him what he needs to hear, not what you think he wants to hear.
  2. Add Business Context to Security Discussion: Throwing around numbers such as 75 thousand instances of malware or 50 thousand viruses detected doesn’t mean anything to the CEO. Telling him that the company runs the risk of suffering a $5m loss if steps aren’t taken is the type of language that resonates.
  3. Be Predictive: The best CISOs always make the point that they aren’t paying their teams to tell them what happened yesterday, but what will happen tomorrow. CEOs don’t want to hear reports on past events either; tell them what is being done and what needs to be done in order to protect the company against future attack.
  4. Prioritize: Don’t expect every concern to be addressed by the CEO. Settle on the big issues that require his attention. A good rule of thumb is to highlight the three security issues with potential to impact the business.

Better security is everyone’s responsibility, but ultimately that tone needs to be set at the highest level of the organization. Establishing a regular briefing with the CEO and putting security issues into business terms will be a good start to bridging the communication gap that currently exists. At the end of the day, everyone involved wants the same result; speaking the same language is the best way to ensure everyone is on the same page.

– Mike Yaffe, Senior Director Product Marketing
