What security professionals say to the company board of directors and fellow employees should not be diluted down, but it often ends up that way.
Speaking at the CRESTcon conference in London, HP’s Andrea Simmonds said that some people have learned a lot but are not good communicators, while others are competent but do not know how to apply it. The challenge for security professionals, she said, is how to pass knowledge on in a way that others need to understand.
She said: “Language needs to go through a process of dilution and that can have a negative impact. As we move into connected devices and the Internet of Things, there will be technologies for everything that removes the need for people to do things, and that is part of diluting down.”
Asked by an audience member whether it was about diluting down or about getting the message across to someone, Simmonds said it was about terminology, competence and understanding, and how to articulate the business.
“Security has to be a landscape of management concerns, but it is not the only concern and diluting down is not about overstating but putting ourselves into the landscape,” Simmonds said.
Adrian Davis, managing director of (ISC)², said in his talk that one of the key challenges was the multiplicity of threats and converting those into a language that the business understands and can make informed decisions about.
“If they understand the concept then it helps us build a better defence and it gives you the key to good access control,” he said.