Save time with unbiased, independent feedback on vendor solutions.
Watch weekly bite-sized webinars hosted by IANS Faculty.
Many security roles require alignment and collaboration with other security and business leaders. Without alignment projects can stall across reporting lines and over negotiating resource allocation and task prioritization. Security should not be negotiated,
as much as it should be able to flow seamlessly into different business processes and initiatives. Building the right collaboration skills to incorporate security is the key to avoiding conflict.
This piece provides some tips for developing trust, reducing conflict and ensuring every security negotiation becomes a win-win interaction.
It’s common to hear security leaders talk about security as an enabler, stating that security is the “Department of Yes,” rather than the “Department of No.” However, many organizations still struggle with security requirements
and controls that are not aligned with the business and seem to pose more obstacles and delays than the promised enablement and speed.
Security leaders also find difficulties negotiating with their business partners when it comes to applying policies, controls and risk management functions.
If negotiation is approached as a win-lose proposition, by definition, one side loses. That’s not where you want to be as a security leader. The first rule of working with partner leaders is to make sure the negotiation isn’t about who wins.
It’s about making things work for the business, the customers and the shareholders.
To foster collaboration and progress, consider using one or more of the following approaches:
READ: The BISO Role: Where Business Meets Security
A good strategy here is to take time before meetings to truly put yourself in the shoes of the other leaders and understand their concerns. Start by talking through their side. For example: “I realize the launch is in five weeks and we have a lot
to catch up on in terms of application testing and configuration. To do that, let’s prioritize cloud security testing so we’re not pushing potential conflicts to the last minute and
risking the launch date.” That makes the security issues part of the overall process, and it assures your partners you have the same goals they do. Be able to focus on the positives including:
Security must never be relegated to the category where “we’re only doing this to check the box.” If it is, it means you haven’t succeeded in explaining the business relevance of a security issue/task or in understanding whether
a task is necessary from a risk management perspective. Any sort of checkbox-type action is going to be perceived as an action that does not yield any return and is an assured way to alienate others and position security back to the “Department
Remember to always frame the discussion in the business context and avoid getting into an “us against them” position. Security is a part of the process and is here to help make better products and competitive businesses. To ensure your negotiations
Although reasonable efforts will be made to ensure the completeness and accuracy of the information contained in our blog posts, no liability can be accepted by IANS or our Faculty members for the results of any actions taken by individuals or firms in
connection with such information, opinions, or advice.
December 7, 2023
By IANS Research
Learn how to create an actionable CISO dashboard with meaningful security metrics using the three C’s principle that supports informed decision-making.
December 5, 2023
By Bryson Bort
As the year draws to a close, IANS Faculty provide their 2024 Cyber Predictions. Watch our video with Bryson Bort for tips on planning your 2024 IT/OT security strategy.
November 30, 2023
CISOs, find guidance on what to focus on within the first 30 days, 6 months and first year of your tenure to ensure a fast, successful start.