Posted by Adrienne Hall, general manager, Trustworthy Computing
For business leaders to make sound decisions related to IT security, they need clear, timely information that maps to business goals. Unfortunately, many IT professionals could do better at communicating with executives, according to a recent study conducted by the Ponemon Institute for the IT security firm Tripwire.
Half of the survey participants said they were “not effective” in communicating all relevant facts about the state of security risk to senior executives and that the security metrics they provide do not align with business objectives.
IT pros say they focus more on operational performance, while executives tend to evaluate security based on cost. In addition, most respondents say the security metrics they collect are too technical to be understood by senior leadership.
Perhaps related: over 40 percent of the respondents say they communicate with executives only during a security incident – hardly a best practice.
Clear, ongoing communication is essential in evaluating and addressing security risk.
One good place to start is Microsoft’s Security Intelligence Report, which can help you protect your organization, software, and people by raising your awareness of threats.
Another option for driving strategic security conversations is the Cloud Security Readiness Tool, which can help you assess your IT environment as you consider the benefits of cloud adoption.
And for a better understanding of the importance of secure software development, have a look at the Benefits of the SDL, an overview of Microsoft’s Security Development Lifecycle.
Managing security risks well is an increasingly important role for business leaders. Strong two-way communication with IT professionals can lead to better results.