Of all the skills that the modern security manager must possess, good communications is arguably the most basic. Most of us have seen innovative ideas fail at some time or other because they weren’t communicated in the right way and many of us have watched our own projects flounder for similar reasons. Speaking as part of a generation that was taught to fight for what it believes in, it is easy to appreciate how enthusiasm and the will to succeed can quickly become a handicap if not managed correctly. As a practicing security manager I continually meet people who are good at arguing their case, but it is far more difficult to find people who have the patience to listen to other points of view and to adapt their game plan accordingly.
The fact is that good communication is extremely difficult. Where information security is concerned, discussions can easily become clouded by specialized terminology and the complex nature of the tools used to solve particular problems (cryptographic techniques provide an ideal example). As security managers we therefore need to continually challenge the way we communicate, not only to ensure that we understand the problems and react appropriately but also to create a long-term atmosphere of confidence and mutual trust.
I propose the following tips for improving communications based on my own experience. Whilst many of these statements might appear to be trivial or self-evident, I challenge the more sceptical reader to take a moment to think about how successfully they put these rules into practice.
This document is in PDF format. To view it click here.