Managers need to place greater emphasis on communication skills -- rather than just technical skillsets – of IT security staff, according to META Group research.
“Traditionally, security professionals have regarded 'awareness programs' as a requirement, but few organisations have proven willing to fund strong communication programs of this type,” the research found.
More than 75 percent of organisations identified a lack of user awareness as moderately or severely reducing the effectiveness of their current security program, according to a statement issued by the research organisation. Of those surveyed, 66 percent also found a lack of executive awareness as having a similar impact.
Chris Byrnes, a security analyst at META Group, suggested one solution was to establish a security communication program. “But developing the corporate culture to support that level of investment takes years of effective communication by the existing security staff,” Byrnes warned. “In fact, most organisations will fail to successfully secure their technology environment simply because the security staff lacks the communication skills to create this shift in corporate culture.”
He argued that the importance of communicating security policy to end users was critical to gaining their cooperation in security initiatives. “As security teams focus on policy and audit [or] compliance, the success of those security initiatives depends on obtaining cooperation from end users, executive management, and IT and business managers,” Byrnes said.