Effective communications are a cornerstone of mature Security Operations – sharing Threat Intelligence externally, maintaining Security Awareness across your organization, articulating Risk to Business Line managers, or explaining your Risk Posture to executives and board members.
Phenomenati’s Cybersecurity Communications will help you build an effective Communications Strategy and processes for your Security Operations organization.
Sharing Threat Intelligence (indicators, observables, etc.) with external parties has become important for Security Operations to enhance their Threat Awareness. Such information sharing should follow formal procedures. Beginning with clear objectives and well established guidelines and constraints, such as bi-lateral confidentiality/non-disclosure agreements. And adhering to relevant industry standards (STIX, TAXII, CybOX, etc.).
Acknowledging that internal staff often present a major source of vulnerability for any organization; a visible, on-going Security Awareness campaign should be a core part of your Security Operations strategy. Including practical, but frequent (i.e., quarterly), mandatory training for all staff on current events and trends. Emphasizing the potential consequences to the business should threats successfully exploit their vulnerability.
Communicating with non-technical leadership, such as Business Line Managers, about cyber security topics is often challenging. They typically have little-to-no interest in hearing about Threats or Vulnerabilities. Instead, their primary interest is in actual Consequences to their part of the business. To be effective, your Communications Strategy needs to speak in terms of Business/Mission Impact.
Executive Leadership, including boards of directors, often regard cyber security strictly in terms of Risk Mitigation and associated cost. Similar to an insurance policy. While they may have interest in specific Threat Actors (e.g., competitors), their primary concerns are with Consequences, the Cost to avoid them, and a concrete understanding of Acceptable Risk. All your communications with executive leadership should be framed along these 3 dimensions.
Our Cybersecurity Communications services will help you craft a comprehensive, impactful Communications Strategy for your SecOps organization.
Leverage our team's decades of combined experience working across large cybersecurity communities and in the world's largest Security Operations Centers.