One of the most serious problems facing security and risk management professionals is the inability to communicate effectively with the enterprise—resulting in security and risk management efforts that fail to meet the needs of the business.
CISOs must communicate clearly to business leaders and key stakeholders how security decisions, including whether the appropriate security controls are actually in place, can significantly change the organization's exposure to risk.
Gartner has identified five key failures in crucial interactions between security and risk professionals and their clients:
1. Security and risk management professionals speak a “language” that few people outside their discipline fully understand.
2. Security and risk management professionals have seldom been trained in how to communicate in a business setting.
3. Business leaders are extremely busy.
4. Business leaders find it difficult to express their concerns in terms that security and risk professionals understand.
5. The business finds it extremely difficult to identify its own risk appetite.