Bill Lisse - Communicating Security Across the C-Suite
centralohioissa
Transcript of Bill Lisse - Communicating Security Across the C-Suite
Communicating Security Across the C-Suite
RISK VALUE!!
METRICS!
Bill Lisse
"I need staff and I need more money to do my job properly. Executives don't get it! They tell me they want the systems and company to be ‘secure’ but don't want to listen."
Executives and Security DO work toward the same goal: "Securing the business". They differ in terms of focus, interests, beliefs, perspectives, way of working, and languages.
It shouldn't surprise anyone that executives and security are not communicating well, and both are frustrated.
"Sorry I don't understand what you are saying, are you speaking Business?"
“Every decision that affects our lives will be made by the person who has the power to make that decision, not the ‘right’ person or the ‘smartest’ person or the ‘best’ person. Make peace with this fact.”
Executives DO listen but people responsible for security need to learn how to communicate effectively with them.
How do I improve the effectiveness of executive communications?
ISIS
Who are stakeholders? And what do they care about?
ISO/IEC 27001:2013
1. Interested Parties List
2. Risk Owners List
Stakeholder Analysis
The Business Context
Use a system thinking approach
The Value Proposition for Security
• Focus on contribution to the larger good—not just the achievement of your objectives.
• Present a realistic "cost-benefit" analysis of your ideas—don't just sell benefits. Every organization has limited resources, time, and energy.
• Don't waste time on issues that will only have a negligible impact on results.
The Value Proposition for Security
• Keep in mind that Executives see things from a business perspective as opposed to a technical perspective.
• Think like a business person.
• Put everything in a manner that allows them to quickly see the big picture and business impacts. Do not exaggerate; we will not go out of business!
1. DEFINE the problem set to help identify whether it’s a problem worth solving
2. Is the problem Unworkable?
3. Is fixing the problem Unavoidable?
4. Is the problem Urgent?
Communicating with Executives
• Don't be afraid to discuss security issues openly and “seek to understand”
• When presenting ideas to decision-makers, realize that it is your responsibility to sell, not their responsibility to buy
• Do not use “Techno” speak; use the language of the executive in business terms
• Put everything in a manner that allows them to quickly see the big picture. Use ABC – Accurate, Brief, and Clear
• Strive to win the big battles - don't waste time on issues that will only have a negligible impact on results
Einstein: “If you can't explain it simply, you don't understand it well enough”
Use metrics that are meaningful to the executives and the business, not just industry examples. Use scorecards, dashboards and colors.
Communicating with Executives
Respect and Trust
• Make a positive difference—don't just try to "win" or "be right"
• Realize that powerful people are just as human as you are. Don't say, "I am amazed that someone at this level…" It is realistic to expect decision-makers to be competent; it is unrealistic to expect them to be anything other than normal humans.
• Focus on the future—let go of the past
• “Treat decision-makers with the same courtesy that you would treat customers—don't be disrespectful.”
• Assume positive intentions
• Support the final decision of the organization
Executives DO listen but people responsible for security need to learn how to communicate effectively with them.
Questions?
SUCCESS!!