Even though they are on the same team, IT security professionals and corporate employees often do not speak the same language. Yet all are tasked with building a stronger and more robust corporation.
For example, how many times have you faced these situations? You request new security hardware or software to secure the perimeter, are denied that request, and later are expected to explain why an intrusion into the company's IT infrastructure occurred. Or you are instructed to comply with a new law or privacy requirement, but not given the tools or support necessary to do the job.
How can an IT department increase awareness and understanding of security issues among leadership or other business units?
One possible solution is to educate your company's leadership by demonstrating how IT security is interconnected with the law, compliance issues, and privacy requirements. By being able to translate technical aspects of your job into real business terms -- and by working across business sectors to implement real solutions -- IT staff can garner the support of others within their company.
While it may not be possible for everyone to fluently speak the same language of IT security, you should expect that the basics of IT security be understood by a broader corporate audience.
How will future editions of this column assist you in this process?
Periodically, we will examine real world situations and the laws, recent legal decisions, and other regulations regarding issues affecting information technology. Some situations will be based on actual cyber security matters and others will be cautionary tales of expected future legal developments.
You can expect columns discussing the legal implications resulting from hacking attacks, data extortion, data theft, and other types of data breaches, as well as regulatory compliance issues involving Gramm-Leach-Bliley, HIPAA, Sarbanes-Oxley, and FinCEN regulations. We'll also address privacy matters involving e-commerce, Website policies, and FTC violations resulting from unfair or deceptive trade practices.
While many of these laws are discussed in other forums, it is my goal that each column will not only discuss these laws and regulations, but also answer the question: "Now what?"
It is only by combining the technical issues of cybersecurity, the framework of corporate governance, and the regulatory/legal framework that progress can be made in better securing the corporate information technology systems that comprise our nation's critical infrastructures.
Ensuring that companies can speak and understand the joint language of IT security is one way to prevent an IT Tower of Babel.
Dr. Chris Pierson is an attorney with the law firm of Lewis and Roca LLP. Special to Dark Reading