By Adam Stone, Secure Digital Solutions
April 11, 2016
A few weeks ago, my colleague, Tennelle Anderson, argued the need for a common language that explains cybersecurity issues in a clear, consistent manner. The thrust of Anderson’s post is that business leaders hear different narratives about the state of cybersecurity depending on who is delivering the message. Ask an auditor about security and the response often focuses on controls. A corporate lawyer may communicate security in terms of compliance. Invite a security professional’s view about the state of security and the answer is often couched in risk mitigation. It is time we begin to Elevate Cybersecurity Communication to Improve Executive Understanding.
Not surprisingly, top managers are confused. According to a recent CNBC report, “more than 90 percent of corporate executives said they cannot read a cybersecurity report” and as a result, “are not prepared to handle a major attack.” Ouch.
As we can see, the real problem facing today’s cybersecurity leaders is less about blocking and tackling security threats and more about successfully communicating program effectiveness (without overselling) to the folks that matter. Without a clear understanding of the value security brings to the business, the natural reaction of executives and board members is to gloss over the issue or worse, underinvest in the security function.
There are new methodologies and solutions rising to the cybersecurity communications challenge. Of these, measuring and communicating cybersecurity issues in terms of process maturity is gaining the most traction. Distinct from the outputs of audits, compliance reviews and risk assessments, focusing on process maturity provides a new narrative, describing in measurable terms an organization’s capacity to effectively and efficiently manage the myriad business processes that comprise a cybersecurity program. Process maturity enables organizations to think strategically about cybersecurity challenges by elevating the discussion beyond controls-based management.
Secure Digital Solutions’ Accliviti™ tool, powered by our MAPP™ methodology, empowers organizations with a clear picture of security posture based on maturity levels, including trending analysis, planning and budgeting, and built-in support for multiple security frameworks and regulations. With Accliviti’s SaaS delivery model, scoring, tracking improvements and communicating performance of a cybersecurity program happen in weeks, instead of months, using built-in analytics. Accliviti helps security leaders create and communicate a strategic roadmap to guide the organization’s security activities.
By leveraging the best-practice MAPP model (Maturity Assessment, Profile, and Plan) using an automated tool like Accliviti, security leaders can now focus more time and interactions towards security strategy and advisor roles for the business.