The Discernible Blog
Scrub these Phrases from Your Data Breach Statements
In the event of a security incident, it's critical that your response is both fast and accurate. Unfortunately, many organizations make the mistake of including one or more of the following three elements in their public statements, which impairs the credibility and trustworthiness of their response. By avoiding them, you can help ensure that your organization's response is taken seriously.
Don’t Get Stuck in Conflict: Communication Techniques for InfoSec and Privacy Teams
People on opposite sides of a contentious issue, like data collection and privacy, might never change their minds. Nevertheless, they still need to work together on important issues. How can infosec and privacy professionals influence engineering, product, and other business decisions in the presence of disagreement?
Knocking on the Boardroom Door
One of the most important aspects of my work is helping CISOs with what I like to call “the invisibility problem.” Many talented, hardworking CISOs try to do the right things to be seen: they present at quarterly board meetings and send their executive team regular updates about the security program. While these actions may check the boxes with their management and the Board, I don’t believe they are enough to build the credibility and visibility CISOs need to succeed - and obtain the resources required to protect an organization in a world of ever-expanding risk.
📬 Mailbag Reader Question
A reader asks, “How should brands talk about security threats from abroad without sounding xenophobic?”
Words that Work: Persuasive Language for Security and Privacy Communications
Do you know which words are most effective for the context and audiences of your security and privacy communications? If you’re not sure, now is a good time to start measuring the impact of the language you use. Counting the number of times you distribute content or engage with stakeholders is a good measurement of why you’re so busy, but are your communications as effective as they could be? Want to find out? Let us know!
Does Your Security Comms Strategy Need an Upgrade?
In leading the security and privacy communications strategy for both small and global brands, I’ve found that ongoing attention to routine communications helps minimize both the volume and impact of potential crises. As a result, we advise our clients to prioritize routine security and privacy communications as one way to demonstrate persistent care.
Beyond the Technical: Emotions and Negotiating in Security Leadership Roles
Discussions about emotions come up a lot in our incident preparedness and response work with clients because we’re always thinking about how different stimuli impact people’s expectations and ability to communicate effectively.
Self-Inflicted Pain and Artificial Adversity in InfoSec
The popular saying “what doesn’t kill you makes you stronger” isn’t a guarantee. Traumatic or stressful situations can still destroy trust and motivation, cause irreparable damage to our health, and push people out of the profession.
Risk Communications: Recognizing Turning Points and Managing Decisions
Not communicating about security until it escalates into a crisis is a self-fulfilling prophecy. Instead, security communicators should constantly be on the lookout for critical turning points that can determine the direction of the organization’s future or cost them their reputation.
Third Party Security Incident Response
Why you should communicate with stakeholders about third-party security incidents even if you’re not exposed.
Risk Communications: An Introduction
Risk makes individuals, groups, and markets behave in certain ways. Our success as security and privacy professionals depends on our ability to help non-experts make risk-related choices. The study of risk communications examines the processes that determine how our communication with these stakeholders enhances or degrades their decision-making ability.
Privacy Outrage: How to Avoid it When You Can and Mitigate it When You Can’t
Today, I’m sharing a sample of questions I ask when reviewing a product or feature proposal.
This Year’s Strategic Relationships: Do You Have What You Need?
Many of us have spent the past few months planning for the coming year and documenting the objectives and outcomes we want to achieve this year. I bet fewer folks spent time considering the specific people whose support, approval, or adoption we need to meet those goals.
Exercising Influence as the Security Team: Look for Friction Not Just Fuel
Sometimes in security, we try to win people over by pushing harder, missing the friction that prevents them from exercising the behavior or decisions we need.
Measuring Communication Effectiveness in Security and Privacy
Without effective communication, incident response is sluggish and chaotic, policies aren’t followed or enforced, business leaders make uninformed decrees, audits drown team morale, and confusion among external stakeholders breeds mistrust and resentment. If there was ever a time for security and privacy leaders to upgrade their communication skills and those of their team, this is it!