Information Security Strategy & Communication Training
Who
Our training is aimed at anyone within the organization specifically responsible for Information Security.
What
How to develop an information security strategy.
How to effectively communicate information security to the entire organization.
Why
Organisations must have a security strategy and plan that clearly identifies the issues, any implications and the required infrastructure. This strategy and associated plan must be kept under constant review and modified to reflect operational conditions. It should be forward looking and map against the corporate strategy to ensure cohesion and future-proofing. The cost of implementing the strategic security plan has to be calculated and finance put in place. A significant contingency should be applied to the budget to cater for any unforeseen circumstances that may require immediate action.
As the role of Information Security Professional continues to evolve we have created training that will teach both developing an Information Security Strategy and Communication.
Strategy
We look at the strategic issues surrounding information security and the role of the information security professional. We discuss the key issues facing security professional and ways in which an information security professional can introduce and implement fundamental changes within the organization.
Delegates will learn:
How security professionals should view their role within their organisation.
How security managers are currently viewed and the steps required in narrowing the gap between where they are now and where they believe they should be.
How to approach security strategically.
How to change both perceptions and attitudes.
Strategic thinking.
Tactics.
How to change the corporate view of security top down.
Communication
Good communication is an essential element for any individual. It’s deemed so important that armies of specialists are employed in a multitude of roles; sales, marketing, public relations, stockholder relations to manage and perpetrate the discipline. Leaders in all walks of life are now chosen as much for their communication skills as for their knowledge, organisational capabilities and experience.
Security professionals have two key audiences that they need to communicate to:
Senior management and in particular the board.
All stakeholders.
The style of communication, the language used and the approach will be quite different but some similarities exist:
It should be free of jargon.
It should be concise and precise.
It should be “fit for purpose”.
The importance of communicating good security practice has long been recognised by many influential organisations. Security awareness programmes are now becoming commonplace, yet few organisations would claim that their programme is totally successful, why? In many cases security awareness programmes take the wrong approach, the key is in the name “awareness”, we should not be trying to teach people how to be security experts.
There are rules that staff need to abide by but the overwhelming aim is to create an awareness of security that pervades their daily actions.
It’s important to understand what it is we are planning to communicate, who the recipients are, and what mechanisms or channels we have at our disposal. Given this information we can marshal the appropriate resources to execute a communication strategy.
All communication needs to be inclusive and in plain language, informative without lecturing the audience. The nature of the communication, timing, length, format, etc. determined in conjunction with the professional communications team.
Various approaches should be explored as for some learners humour is a good approach whereas others react better to cold facts. A variety of different approaches will afford a better chance of getting your message across.
Delegates will learn:
How to adapt their technical knowledge to non-security people.
How to develop a security framework around their awareness programme.
Communication techniques adapted for security professionals.
How to work within a communications team and utilise the skills of other professionals.
Security communications strategy and tactics.
Business speak.
How to address the board and get their attention.
How to get support for security projects.
Timescale
By using an action learning style this training is delivered as a one day course for 3 months. This gives each delegate the opportunity to learn from experience what works and what doesn’t and to then participate in group discussions.