All the latest UK technology news, reviews and analysis
|
|
|
29 Jul 2009
Chief security officers (CSOs) need to make communication one of their key skill areas, according to experts at the Black Hat USA 2009 conference in Las Vegas.
Technical skills are essential, but one of the key focuses of the successful CSO must be knowing how to explain the issues of computer security to a variety of audiences.
"Translation is what I have to do half the time: explaining what it means in business terms," said John Stuart, CSO at Cisco.
"Management wants nothing to do with the technology side of attacks at first. Later, when they have 15 minutes, they might want to know the technological details, but for the most part it's business that's important."
Bob Lentz, CSO at the US Department of Defence, said that he "agrees 1,000 per cent".
"There is a very big education that has to go on. It is a big part of our game to move from an IT environment to a business one," he explained.
Lentz said that the Department of Defence security team has a review meeting every morning at 7.30am. The public affairs department is the first to speak, covering any breaking news stories, then the legislative affairs department gives a talk on what Congress is thinking. Only then does the security team get to talk over issues.
Businesses are getting a better idea of what is behind current attacks, but there is still a huge amount of technological ignorance to overcome, according to John Johnson, CSO at John Deere.
"The message has to be tailored to the audience," he said. "They want to know how we are doing. If you don't have the ability to go to your data and give them a meaningful response, they are going to wonder why you have your job."
Knowing when not to communicate something is also important. Stuart said that at Cisco he had refused to sign off on the security of certain product groups. This led to Cisco developing its own internal security groups to examine products, which increased security without hurting his budget.
Latest stories from Security
Related articles
Related jobs
Poll
What is the most important IT priority for your company this year?
Hands on with the highly anticipated Android 4.0 Ice Cream Sandwich hybrid tablet
Connect with V3.co.uk
This paper focuses on a series of best practices and techniques for development teams looking to improve their software development processes
Why good data management at all levels is essential in the modern business (video, 6mins)
/ Corporate Account Manager / Management Consultant...
Prince 2 Project Management Professional, Client Facing...
Solution Architect / Technical Project Manager / Corporate...
Solution Architect / Technical Project Manager / Corporate...
Keep up to date with the latest products, services and technologies from the world's leading IT companies. IThound.com brings you over 2,000 white papers, case studies and analyst reports.
Do you agree?