
Corporate Communications Officers Tying The Hands Of Information Security and Privacy Pros

I've been here at the CSI SX conference for the past few days, and I've had the great opportunity and pleasure of speaking with a large number of folks while here. I was finally able to meet Ron Woerner in person (nice to meet you Ron!) after communicating with him in the Security Catalyst Community over the past 1+ year.

I love coming to these conferences and just talking with the participants. There is always at least one topic for which I receive enlightenment that I had not considered before. During the past few days I've spoken with 4 to 5 people who are responsible for information security, all from highly regulated industries, who all say despite their adequate to even generous information security and privacy budgets, some of their most important information security and privacy efforts are being quashed by their corporate communications offices; those responsible for the messages that are sent to personnel throughout the enterprise.

"How?" you ask?

The first person I spoke to back on Sunday that brought up this topic said, "I have plenty of budget and resources. However, we really need to get the word out to our employees about how our employees need to work in a way that safeguards information more effectively. The problem is, whenever we want to send communications, we have to go through the corporate communications department. Each time they tell us, 'NO, we've already met the quota for messages to send to employees this month.'"

Wow.

And then, being curious about this issue, I brought it up to several of the new folks I met over the past day or two, and found around 4 - 5 more people who said basically the same thing!

It is a very sad situation, and a horribly poor management decision, to not allow communications to go out to employees because the "quota" of messages has already been sent for the month!

Talk about a frustrating situation; to have enough budget, but then to get your hands tied and voice gagged by a corporate communications department that makes decisions based solely on numbers, and not on the business issues and topics the communications cover.

Based just upon the significant number of people who told me about this situation out of the relatively small number of people I've met and talked to, this must be a widespread situation...or is it?

Do you have to go through a central corporate communications area to distribute your information security and privacy awareness communications? If so, what have been your experiences?

This is definitely an area I want to look into more. I did not find anything about this during a quick search. It sure would be a nice study to perform...if I had the time and resources!

Hey, any vendors out there want to sponsor this study? :)


Rebecca Herold's Bio:

Rebecca Herold, CISSP, CIPP, CISM, CISA, FLMI, has been providing information security, privacy and regulatory assistance and services to organizations from a wide range of industries for over 18 years. Rebecca was instrumental in building the information security and privacy program while at Principal Financial Group, which was awarded the CSI Information Security Program of the Year Award in 1998. IT Security ranked Rebecca as one of the top 59 IT security influencers, and Computerworld put Rebecca on their list of the 25 top privacy experts and on their list of the 9 best privacy consulting firms. Rebecca has been CPO for two consulting organizations, and has had her own information privacy, security and compliance business since 2004. Rebecca has written chapters for several books, dozens of articles, and has been writing a monthly privacy column for the CSI Alert newsletter since the beginning of 2001, and is working on her 11th book. Some of her other books include The Privacy Papers, Managing an Information Security and Privacy Awareness and Training Program, The Definitive Guide to Security Inside the Perimeter (Realtime Publishers), The Shortcut Guide to Improving IT Service Support through ITIL (Realtime Publishers), and The Practical Guide to HIPAA Privacy and Security Compliance. In addition, Rebecca is the leader of The Realtime IT Compliance Community where she posts to her IT Compliance weblog. You can contact Rebecca at: rebecca_herold@realtimepublishers.net.