Everyone wants information security to be easy. Wouldn’t it be nice if it were simple enough to fit snugly inside a fortune cookie? Well, although I don’t try to promote such foolish nonsense, I do on occasion pass on readily digestible nuggets to reinforce security principles and get people thinking about how security applies to their environment.
I think the key to fortune cookie advice is ‘common sense’ in the context of security. It must be simple, succinct, and make sense to everyone, while conveying important security aspects.
Fortune Cookie advice for December:
Be mindful of the security message you deliver to your customers and how it is interpreted
Rallying your populace to be security savvy is a worthwhile investment and must be approached with the appropriate diligence. It is not enough to haphazardly deliver security information and walk away. If it is perceived as ‘junk-mail’, it will be treated as such. Information security must be understood and applied in order to make a difference. This embrace will only occur if the audience understands not only the message, but also why it is important and the overall context. Every good communication program draws in the audience by letting them know how it applies and benefits them.
If we want to be successful, we have an obligation to understand what is being absorbed and how it is being interpreted.
Andy, ITGuy has a great post (check out the picture for a good laugh).
“How we communicate our security plans has to be in a way that the user will understand and that will make them want to work with us”. This is key, as ultimately it is a partnership between dedicated security folks and the organization they protect.
Additionally, Mike Rothman has some great follow-up comments which I think nail the right perspective:
“effective communication is based upon the perception of the person on the other end”. Sounds basic, but how often do we ignore this fundamental principle in our rush to deliver our message?
If you are interested in good security insights, consider subscribing to Andy, ITGuy and Mike Rothman’s blogs. They bring perspective and humor to timely issues.
So am I contributing to the problem of oversimplifying security? Or am I reaching out to those who might not take the inordinate amount of time necessary to understand the complexities and nuances of our industry? You decide, and feel free to share your knowledge-nuggets.