At some level of abstraction, cyber security is primarily an
exercise in managing change and transforming culture across the enterprise. That’s
a level of abstraction that executives understand. To be successful at this
level of abstraction, you’ll need to learn about the definition of change,
psychology of groups, and other such things.
There’s some level of abstraction that involves business
process owners and tracking security requirements for those underlying business
processes. That’s a level of abstraction that executives understand. To be
successful at this level of abstraction, you’ll need to learn about the intricacies
of things like negotiation, communications, and compromise.
There’s also some level of abstraction that involves security
tools and IT focused concepts. That’s a level of abstraction that executives don’t
understand. To be successful at this level of abstraction, the executives will need
to learn about things like firewalls, DLPs, and SIEMs.
Which level of abstraction is the right level? The easy
answer is the one that gets you the results that you need. But you’ll have tailor what needs to be learned
to the right audience.
Levels of abstraction are important to understanding cyber
security and an interesting view into where cyber security culture and social media spends the most time.
Follow me on Twitter
for discussion and the latest blog updates: @Opinionatedsec1. Or, start your
own discussion using #crazygoodcyberteams on twitter or Linkedin and I'll read
it.
SEE ALSO
No comments:
Post a Comment