Using Risk to Take the High Road

My @ISACA column for November was published recently. You can read it here.

This was a tough one to write, and not just due to the 200-word maximum (which I still exceeded). Overall, lots of security professionals tend to (I believe) unknowingly speak ill of the management of the companies for which they work. It’s second nature to think that your judgement about security overrides whatever else management is doing. My point with this column was to help people see that risk management defines priority across the organization; in other words, I’m sure that marketing, accounting, sales, etc. think that whatever they are working on is far more important than what security is doing. Thinking about these priorities through a risk lens helps people level-set their work against the rest of the company’s work. I use an outraged “author’s voice” to wake people up to what they are saying and how they express it.

This was difficult to write primarily because I didn’t want to insult anybody, but I also wanted to help people understand that the words they use, even amongst other security professionals, are not productive in improving relationships within the rest of the company.
