Run your security department like your own consultancy, and the company as your customer.
Speaking at the Financial Services Information Security conference in London, information security and risk executive Jitender Arora said that the key to success is communicating effectively for a shared sense of purpose, listening to what is brought to the table, and addressing failure, as so often we are scared of failing.
He said: “As security people, we can be successful if we work within the business as our own entity, our own consultancy.
“How many understand what service we provide? Some say send emails, or reset passwords, and we ask do you know how to contact the security department if you need them? For three months we brainstormed on what services we were offering and produced a catalogue, but we have to be clear to explain what we are providing, as the CISO provides a service.”
He pinned it down to three areas: communicate, determining what your strapline is, what services you offer and who your customers are when you produce the material; listen, as you would in your own business, because if you do not, you will not make enough money as you are in a comfort zone; and finally trust, as how many times do you think “have we done enough to get repeat business”?
“If we think of it as our own consulting business and the board as customers, and think ‘are we doing it right’, if the answer is yes then we have a better chance of being successful,” he said.
In a blog post on this topic, Arora featured a mindmap.