
Information Security and Privacy Leaders, Get Your Elevator Speeches Ready For Your CxOs!

My father was the superintendent of the public school district where I grew up in Missouri. He was a very hands-on type of leader; when he was not filling out forms, writing reports, making plans, or in meetings he was out in the hallways seeing what was up with the students and teachers and making sure that all was well. And then the evenings were busy with basketball games, concerts or other school events. Those school employees, parents and students that were able to talk with him during opportune times in the hallway or in the bleachers during time-outs, and get their concerns or points stated succinctly and clearly, made a positive impression with my dad. He appreciated that they communicated their ideas and concerns clearly, and got right to the point.

If you had an opportunity to speak for a few minutes with your CEO, CFO, or other CxO, would you be prepared to communicate succinctly and clearly your concerns and state your points regarding the importance of your information security and privacy initiatives?

I've seen many very knowledgeable and talented information security and privacy practitioners who have had golden opportunities presented to them in elevators, in the corporate cafeteria line, and while walking to the parking garage to make an impression on their executives about the importance of information security and privacy, but when the executives asked the question, "How's everything going in your area?" they stumbled or were caught off guard and said something like, "Um, oh, well about as good as can be expected, I guess," immediately followed by silently kicking themselves over the missed opportunity.

Over the years I've heard some common themes regarding what CxOs want to know about information security and privacy efforts within their organizations. These include:

1. What are the personal risks that business executives face if they fail to implement effective security controls or do not comply with data protection regulations?

2. What approach should business leaders take to start an effective risk management program?

3. What are some of the most common ways that information is leaked or compromised?

4. What should we do to secure mobile data?

5. What should we do to keep personnel from making mistakes or doing malicious activities?

Would you have a short, succinct 30-second (give or take) answer ready for each of these when the opportunity presents itself?

I wrote about this in the November CSI Alert, "Elevator Speeches for Business Leaders," which discusses why each of these issues is important to your business leaders, along with an example elevator speech for each that I have used or would use.

Of course your elevator speech will differ based upon your own personality and your organization's environment and culture. However, I hope that my examples will give you some ideas for creating your own elevator speeches.

Let me know what you think! Let me know what additional topics are important for you in your organization, or what different kind of communication approach you would take in 30 seconds to make an impact on your CxO.


Comments

Rebecca, could you please change the spelling of your name so that it has 2 b's in it. That way my spell checker won't keep flagging it as being misspelled. :)

Lol!

Your message reminded me of a funny (at least to me) story...

My farm neighbor friend when I was in the pre-school years was 1 year older than me. We were very good friends, but she always called me "Rebrecka". As we got older she continued to call me "Rebrecka" and even wrote it on birthday cards, etc. that way. To this very day she still calls me that, and must think that is my actual name! Have I ever corrected her? Nah; I like that it sounds a little more exotic and interesting. :)

Very recently I came across a very interesting webcast event that is going to be held on December 11, 2007 at 9 am PT/12 pm ET on the subject "How Information Governance and Compliance Pay". I think this webcast could be useful for your website visitors.
This webcast, based on recent research conducted by the IT Policy Compliance Group, focuses on fact-based insight into how improving information governance, risk and compliance reduces costs, financial risk and the loss of sensitive data.
Your website visitors who are interested in this webcast can learn about the steps they should be taking to:
• Reduce labor costs
• Mitigate and avoid significant financial risk and loss
• Improve information governance results
• Improve regulatory compliance results
More information about this webcast is available at How Information Governance and Compliance Pay


Rebecca Herold's Bio:

Rebecca Herold, CISSP, CIPP, CISM, CISA, FLMI, has been providing information security, privacy and regulatory assistance and services to organizations from a wide range of industries for over 18 years. Rebecca was instrumental in building the information security and privacy program while at Principal Financial Group, which was awarded the CSI Information Security Program of the Year Award in 1998. IT Security ranked Rebecca as one of the top 59 IT security influencers, and Computerworld put Rebecca on their list of the 25 top privacy experts and on their list of the 9 best privacy consulting firms. Rebecca has been CPO for two consulting organizations, and has had her own information privacy, security and compliance business since 2004. Rebecca has written chapters for several books and dozens of articles, has been writing a monthly privacy column for the CSI Alert newsletter since the beginning of 2001, and is working on her 11th book. Some of her other books include The Privacy Papers, Managing an Information Security and Privacy Awareness and Training Program, The Definitive Guide to Security Inside the Perimeter (Realtime Publishers), The Shortcut Guide to Improving IT Service Support through ITIL (Realtime Publishers), and The Practical Guide to HIPAA Privacy and Security Compliance. In addition, Rebecca is the leader of The Realtime IT Compliance Community, where she posts to her IT Compliance weblog. You can contact Rebecca at: rebecca_herold@realtimepublishers.net.