Paying close attention to life can save us all a lot of headaches and unnecessary grief. This applies to our lives as information security professionals as well. We need to pay close attention to what we are doing, whether it's monitoring logs, configuring devices, reviewing configs or RFPs, writing policy or procedures, etc. If we aren't careful and diligent in what we do, we will make a small (hopefully it's small) mistake that may come back to bite us.
We also need to be careful of the message that we give to our customers and users. We need to ensure that we are clear in how we present the message and that it is in line with the business requirements. We need to make sure that we are looking for answers to solve a problem and not just saying "NO". We have to communicate our security plans in a way that the user will understand and that will make them want to work with us.
What made me think of this? This picture tells a story that is very different from the one that was meant to be conveyed. If Mom and Dad had paid attention to what little Suzie was drawing for her class project, it just could have saved them lots and lots of embarrassment.
What little Suzie was trying to convey was that her mom worked for a hardware store and was selling a shovel to a customer.
Security's Everyman

Tuesday, November 11, 2008
Pay Close Attention
Posted by Andy, ITGuy at 10:45 AM
Labels: Andy ITGuy, information security
Elizabeth Safran · 853 weeks ago
I am a PR consultant that specializes in infosec, and I can't tell you how many posts, articles, and presentations I have seen on this topic, which is what the PR function is all about.
The art of communication is just that -- an ART, with maybe a little science thrown in for good measure. Some people are natural communicators, some aren't. Yet those who aren't never think to involve PR when it comes to clearly articulating the business value of security. And if you believe the hype (including yours), CISO types might benefit from a bit of coaching on how to better market their message upstream....uh, HELLO.....
Most companies have an internal or external PR resource. It can't hurt to see if they could add value internally as well as externally...
Just a thought.
Rebecca · 853 weeks ago
Great message. Yes, information security, and privacy, initiatives will not be effective without effective communications.
Now, I need to see about scanning some of my sons' priceless drawings... :)
Rebecca
Mike Crabe · 846 weeks ago