Evolving the Security Message
Richard Power wrote an article for CSO Online entitled “Red Pill? Blue Pill? Ruminations on the Intersection of Inner Space and Cyber Space”. It ties into the psychology of information security and how the shifting attitudes regarding privacy and security require a different approach to information security. Power writes:
There is a generational shift in regard to security and privacy. The young workers of today have grown up in a world of failed security and vanishing privacy. If you try to reach these 21st Century psyches with a 20th Century security message — you will not reach them, and you will not be heard.
The way information security is addressed must evolve to keep up with the changing viewpoints of the “new workforce”. If the change is not apparent, consider the way communication has changed over the last few decades.
Face-to-face meetings -> phone-calls -> e-mail -> text message -> social media
Different generations have different preferences in the way information is communicated to them. While the way to get a message across has always depended on the audience, we seem to forget that concept in the information security world. In an environment where adapting to change is essential to protecting information assets, it’s amazing that we seem rooted in the way we deliver the security message. We must be better at communicating the value of security in terms and context that is important to the “receiver”.
The bottom line is information security is a collective effort. We simply cannot afford to lose the message in transit because of a rigid approach to communication.
Be passionate. Be open. Be clear. Be agile.
Paul, good article and good job with the blog.
Thanks Nitin. Trying to tie in organizational behavior and business strategy with information security. Having fun too.