It's probably no big surprise to any of you, but the effectiveness of your organization's risk-management endeavors is directly related to your ability to navigate the quagmire known as corporate politics.
As security and risk professionals have been elevated to senior leadership positions (our readers, i.e. you, are more likely to report to the CEO or the board of directors than to the CIO), that skill, that talent--politics--has become increasingly important. And I have to admit that we may have let you down in that regard.
Over the past 9-plus years, we have focused a great deal of our coverage in CSO on helping you develop professionally and helping you understand the risks that we saw emerging. While we spent a lot of time helping you sell the value of security to your business, I think we could have done a better job of helping you learn the finer points of politics. We have prepared you for battle outside of your corporate walls (physical or fire-) but for battles in the boardroom? I'm not so sure. [Editor's note: Oh sure, now it's my fault.]
Why do I say this? One need look no further that our coverage of this year's Global Information Security Survey. If you recall, we found that 43 percent of you considered yourselves security frontrunners or leaders. But when we dug into some of the details around that 43 percent, it became apparent that there were some glaring shortcomings.
When we analyzed that data further, we found that most respondents (87 percent, actually) had some serious challenges to being able to successfully sell the value of security, which is critical to your ability to get the support of senior leadership in order to get the resources and buy-in necessary to deliver on your strategic vision for security.
The politics come into play when you need to convince the CEO, who juggles the competing priorities of the business, that allocating resources to security and risk management will deliver a better return than giving those same resources to product development, marketing, sales, or some other line of business. Security, we all know, is not an easy sell.
But for all security leaders, even those who can easily translate risk into a business discussion with corporate leadership, politics is the next step that must be taken to succeed. Now, leading CSOs find themselves in the thick of the debate over and battle for resources. That debate is politics.
As we endure another grinding election cycle and the accompanying political battles fought everywhere from Washington to your local town or city hall, watch closely, take notes, and when all else fails, go buy The Art of War by Sun Tzu. It's required reading for the CSO heading into the mahogany-paneled hallways of the executive suite to do battle on the field of corporate politics.
Sign up for MIS Asia eNewsletters.