Communicating technical risks to the business
Conclusion: The success of a security professional is not measured by whether their recommendations are adopted, but whether the technical risks faced by the organisation have been identified and communicated in terms of business impact to decision makers. This enables the business to make informed decisions. Consequently, security professionals must make it their highest priority to be in communication with the business, because one of the most impactful technical risks is a communications gap between the security team and the business. IT security professionals must take on learning the language of their business, because it isn’t the business’s responsibility to learn to speak IT security.