Establishing a Communication Framework
Cybersecurity. That word strikes fear in the heart of most business owners and senior managers. Why? Because every time they have a conversation with their technical team, the team throws in some new jargon: What yesterday was called SIM quickly became SIEM, and then, without them even realizing it, it is about to become SOAR. And that's just for the general technology categories. When you throw product names into the mix, it gets even more confusing.
So, how can the IT and cybersecurity teams overcome this problem? By establishing some basic frames of reference, and using them consistently. We've built some great capabilities into FutureFeed that can help.
One of my favorites is the Organization Scale feature.
The Organization Scale can be easily accessed from our toolbar by clicking the ruler icon. The Organization Scale allows you to set three basic scales for the organization:
- Impact - This is the positive impact an item will have on the organization's cybersecurity program.
- Effort - This is the level of effort, in person-hours, associated with implementing an item.
- Cost - The capital outlay necessary to implement an item.
While these may seem trivial items to record, they can significantly streamline communication. Let's look at Effort as an example. Most of the time, when management is reviewing a proposed item, they do not expect the IT or cyber teams to know exactly how many hours something will take to implement. Instead, they are looking for a rough order of magnitude. That is, will this be easy, medium, hard, or somewhere in between? But what a manager considers easy (perhaps 2 hours of an employee's time) may be very different from what an employee considers easy (e.g., a full day). By establishing these rough order-of-magnitude scales, organizations can avoid talking past each other or inadvertently setting unrealistic expectations.