These days, security is becoming more about people. Security awareness, security education, security response, and compliance involve working with people at different levels of the organization to help identify and reduce risk.
In this post, I talk about how the right approaches and interactions with our employees can produce the right outcomes for improved security and compliance.
At times (not always), some IT security managers dismiss or are unaware of how to develop successful relationships with people outside of the IT security team, particularly with those who have a difficult time understanding security, are against it, skip over it or see it as a roadblock. These are the types of challenges that require us to come up with creative approaches and interactions with employees so we instill a better understanding of the value and benefits security and compliance can have for our business. By exploring the right “approaches” and shooting for meaningful “interactions” among a diverse group of people throughout the company, we (the IT security leaders of our company) can step out from behind the curtain and start to manage a perception that reflects a strong sense of leadership, management and approachability.
I use the terms “approach” and “interaction” because I believe they define a good starting point for us when we’re asked to provide security guidance, awareness, vision and information to different groups across the organization. Two important questions we might ask ourselves before moving forward are: (1) “What’s the most effective way that I can approach this?” and (2) “How will my interaction with this person or group produce the best results for the business?”
Keep in mind that what we as security managers and leaders believe IS best for the business may not be how everyone else perceives what IS best for the business. Everyone has their own ideas of success based on their roles and responsibilities (their own objectives).
Know clearly, moment-to-moment, from a security and compliance perspective, what you want to gain from the interactions you have with everyone, and work patiently and compassionately toward achieving those goals. Easier said than done? Of course. That’s why we chose to become managers and leaders in the first place. We love these types of challenges and in today’s world our biggest challenges in security tend to be people – trying to adjust behaviors and beliefs as part of our strategy for reducing risk.
Compliance is a good example of why the right approaches and interactions are important, since it involves approaching and interacting with a number of different groups such as Legal, HR, IT, Finance, executives and partners. Many companies are held accountable for meeting HIPAA/HITECH, PCI, GLBA and SOX compliance, and when our approach and interactions become questionable, we put a smoother transition toward better compliance and security at risk.
Take your time. Security is a fine balance between what makes sense for people and the business. Thinking carefully about our approaches and interactions can make a world of difference.