Information Security Stakeholder Relations
Information security services have a variety of stakeholders with different and sometimes competing interests. These individuals and groups can have significant influence over the eventual success or failure of an information security programme.
CISO365 harnesses the positive influencers and minimises the effect of the negative influencers. Our approach comprises four main steps:
- identify stakeholders
- assess their interest and influence
- develop a communication plan
- engage and influence stakeholders
This analysis is used to develop an information security communications plan. Appropriate strategies and actions are then defined to engage with different stakeholder groups. Each organisation is unique, but the plan may look like this:
Executives and Divisional Heads
- regular briefing from the CISO
- regular meetings to understand their sensitivities and concerns
- a monthly status report presented at a formal review meeting
Staff
- training, awareness and briefings on key issues
- one-to-one consultations on high risk issues
- induction on information security
- regular newsletters and intranet updates
Clients, Regulators and Other Interested Parties
- Proactive selling of information security in business development activity
- Confidence-instilling responses to their requests for information, such as audits and questionnaires
- Face-to-face briefings for key clients
Your results: stakeholders have confidence that their needs are being met through adequate and effective information security controls. Your information security is credible with all interested parties.